PT-2025-44081 — Generation of Error Message Containing Sensitive Information em Packagist Ibexa/User

PT-2025-44081 · Packagist · Ibexa/User

Publicado

2025-10-17

Atualizado

2025-10-17

CVSS v4.0

6.9

Média

Vetor

AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Impact

In v5, error messages could provide enough information to tell whether a user exists or not. This is resolved by ensuring the error messages are sufficiently ambigious.

Patches

See "Patched versions".

Workarounds

None.

Resources

https://developers.ibexa.co/security-advisories/ibexa-sa-2025-004-xss-and-enumeration-vulnerabilities-in-back-office

Correção

Generation of Error Message Containing Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-209

Identificadores relacionados

GHSA-Q3X8-6898-23G3

Produtos afetados

Ibexa/User