PT-2023-26325 · Pimcore · Pimcore

Published 2023-07-21 · Updated 2023-07-26 · CVE-2023-3819

CVSS v3.1: 7.6 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions: pimcore/pimcore versions prior to 10.6.4

Description: The issue allows unauthorized users to obtain sensitive information about the system's runtime environment and features they have no permissions to access.

Recommendations: For versions prior to 10.6.4, update to version 10.6.4 to resolve the issue. As a temporary workaround, apply the patch manually from https://github.com/pimcore/pimcore/commit/0237527b3244d251fa5ecd4912dfe4f8b2125c54.patch.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2023-3819
GHSA-R87R-982Q-2C3Q

Affected Products

Pimcore