Timing Attack Vulnerability in eZ Platform Ibexa Kernel
CVE-2022-48366

3.7LOW

Key Information:

Vendor: Ibexa
Status: Commerce; Jmspaymentcorebundle; Ezplatform-page-builder; Ez Platform Kernel
Vendor: CVE Published:; 12 March 2023

What is CVE-2022-48366?

A vulnerability in eZ Platform Ibexa Kernel allows an attacker to infer the existence of user accounts through a timing attack. This issue, found in versions before 1.3.19, can be exploited by measuring the response time of authentication mechanisms, potentially leading to unauthorized access or account enumeration. Immediate updates are recommended to mitigate this risk.

References

https://developers.ibexa.co/security-advisories/ibexa-sa-...

https://github.com/ezsystems/ezpublish-kernel/security/ad...

https://github.com/ezsystems/ezplatform-kernel/security/a...

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 12, 2023
Vulnerability Reserved
Mar 12, 2023