Unverified Password Change in pimcore/admin-ui-classic-bundle
CVE-2023-5844

4.3MEDIUM

Key Information:

Vendor: Pimcore
Status: Pimcore/admin-ui-classic-bundle
Vendor: CVE Published:; 30 October 2023

🔔 Create Pimcore Vulnerability Alert

What is CVE-2023-5844?

Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0.

Affected Version(s)

pimcore/admin-ui-classic-bundle < 1.2.0

References

https://huntr.com/bounties/b031199d-192a-46e5-8c02-f7284a...

https://github.com/pimcore/admin-ui-classic-bundle/commit...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 30, 2023
Vulnerability Reserved
Oct 30, 2023

.