Name of the Vulnerable Software and Affected Versions: eZ Platform versions 1.13, 2.5, and 3.2 Ibexa DXP and Ibexa Open Source version 3.3

Description: A security issue exists where the "/user/sessions" endpoint can be exploited to detect if a given username or email refers to a valid account. This can be achieved by analyzing differences in the response data or response time of certain requests.

Recommendations: For eZ Platform versions 1.13, 2.5, and 3.2, update via Composer to ensure the fix is applied. For Ibexa DXP and Ibexa Open Source version 3.3, update via Composer to ensure the fix is applied. As a temporary workaround, consider restricting access to the "/user/sessions" endpoint until the issue is resolved.