Exposure of Sensitive Information to an Unauthorized Actor in pimcore/pimcore
CVE-2023-3819

7.6HIGH

Key Information:

Vendor: Pimcore
Status: Pimcore/pimcore
Vendor: CVE Published:; 21 July 2023

Summary

Pimcore GmbH's Pimcore platform is susceptible to a sensitive information exposure vulnerability. This issue allows unauthorized actors to gain access to sensitive data in the GitHub repository for versions prior to 10.6.4. Developers and users are advised to upgrade to the latest version promptly to mitigate potential risks associated with unauthorized access to sensitive information.

Affected Version(s)

pimcore/pimcore < 10.6.4

References

https://huntr.dev/bounties/be5e4d4c-1b0b-4c01-a1fc-005331...

https://github.com/pimcore/pimcore/commit/0237527b3244d25...

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 21, 2023
Vulnerability Reserved
Jul 21, 2023