6 matches found

GitHub Security Blog
added 2023/03/12 6:30 a.m., 59 views

Duplicate Advisory: User account enumeration in eZ Publish Ibexa Kernel

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-gmrf-99gw-vvwj. This link is maintained to preserve external references. Original Description: This Security Advisory is about a vulnerability in eZ Platform v1.13, v2.5, and v3.2, and in Ibexa DXP and Ibexa Open...

CVSS 5.3 | AI score 5.7 | EPSS 0.00237
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2023/03/12 6:30 a.m., 14 views

GHSA-89P3-9J8C-FQH4 Duplicate Advisory: User account enumeration in eZ Publish Ibexa Kernel

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-gmrf-99gw-vvwj. This link is maintained to preserve external references. Original Description: This Security Advisory is about a vulnerability in eZ Platform v1.13, v2.5, and v3.2, and in Ibexa DXP and Ibexa Open...

CVSS 5.3 | AI score 5.7 | EPSS 0.00237
Exploits: 0 | References: 4

NVD
added 2022/11/10 9:15 p.m., 12 views

CVE-2022-41876

ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Versions prior to 2.3.12 and 1.0.13 are subject to Insecure Storage of Sensitive Information. Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or...

CVSS 7.5 | EPSS 0.04165
Exploits: 1 | References: 1

Prion
added 2022/11/10 9:15 p.m., 19 views

Design/Logic Flaw

ezplatform-graphql is a GraphQL server implementation for Ibexa DXP and Ibexa Open Source. Versions prior to 2.3.12 and 1.0.13 are subject to Insecure Storage of Sensitive Information. Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or...

CVSS 5 | AI score 5.3 | EPSS 0.04165
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2022/11/10 12:0 a.m., 109 views

CVE-2022-41876

CVE-2022-41876 affects ezplatform-graphql (Ibexa DXP and Ibexa Open Source). The vulnerability is caused by insecure storage that allows unauthenticated GraphQL queries to expose user password hashes (typically for admins/editors). Patches exist in Ibexa/DXP versions 2.3.12 and 1.0.13 on the 1.X ...

CVSS 7.5 | AI score 5.6 | EPSS 0.04165
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2021/03/11 5:42 p.m., 13 views

GHSA-GMRF-99GW-VVWJ /user/sessions endpoint allows detecting valid accounts

This Security Advisory is about a vulnerability in eZ Platform v1.13, v2.5, and v3.2, and in Ibexa DXP and Ibexa Open Source v3.3. The /user/sessions endpoint can let an attacker detect if a given username or email refers to a valid account. This can be detected through differences in the respons...

CVSS 5.3 | AI score 7.1 | EPSS 0.00237
Exploits: 0 | References: 5