GitHub Advisory DatabaseGHSA-J65R-G7Q2-F8V3Pimcore customers' list user password hash is disclosed
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
45.5%
Impact
The customer view exposes the hashed password along with other deails. An attacker is then able to enum password of a particular id, likewise we can replace id with other user , for example 1015, password hash can be disclosed which can be further cracked with hashcat
Patches
Update to version 3.3.10 or apply this patch manually https://github.com/pimcore/customer-data-framework/commit/d1d58c10313f080737dc1e71fab3beb12488a1e6.patch
Workarounds
Apply https://github.com/pimcore/customer-data-framework/commit/d1d58c10313f080737dc1e71fab3beb12488a1e6.patch manually.
References
https://huntr.dev/bounties/db6c32f4-742e-4262-8fd5-cefd0f133416/
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| pimcore/customer-management-framework-bundle | lt | 3.3.10 |
References
github.com/advisories/GHSA-j65r-g7q2-f8v3
github.com/pimcore/customer-data-framework/commit/d1d58c10313f080737dc1e71fab3beb12488a1e6
github.com/pimcore/customer-data-framework/security/advisories/GHSA-j65r-g7q2-f8v3
huntr.dev/bounties/db6c32f4-742e-4262-8fd5-cefd0f133416
nvd.nist.gov/vuln/detail/CVE-2023-2881
Related
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
45.5%