CVE-2022-48366
12.03.2023, 05:15
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.
| Vendor | Product | Version |
|---|---|---|
| ibexa | commerce | 2.5.0 ≤ 𝑥 < 2.5.13 |
| ibexa | commerce | 3.3.0 ≤ 𝑥 < 3.3.18 |
| ibexa | commerce | 4.0.0 ≤ 𝑥 < 4.0.7 |
| ibexa | commerce | 4.1.0 ≤ 𝑥 < 4.1.4 |
| ibexa | digital_experience_platform | 3.3.0 ≤ 𝑥 < 3.3.20 |
| ibexa | digital_experience_platform | 4.0.0 ≤ 𝑥 < 4.0.7 |
| ibexa | digital_experience_platform | 4.1.0 ≤ 𝑥 < 4.1.4 |
| ibexa | ez_platform | 𝑥 < 2.5.30 |
| ibexa | ezplatform-page-builder | 1.3.0 ≤ 𝑥 < 1.3.27 |
| ibexa | ezplatform-page-builder | 2.3.0 ≤ 𝑥 < 2.3.19 |
| ibexa | jmspaymentcorebundle | 3.0.0 ≤ 𝑥 < 3.0.2 |
| ibexa | ez_platform_kernel | 1.3.0 ≤ 𝑥 < 1.3.19 |
| ibexa | ez_platform_kernel | 7.5.0 ≤ 𝑥 < 7.5.29 |
| ibexa | kernel | 4.0.0 ≤ 𝑥 < 4.0.7 |
| ibexa | kernel | 4.1.0 ≤ 𝑥 < 4.1.4 |
𝑥
= Vulnerable software versions
References