CVE-2023-5844Unverified Password Change in Admin-ui-classic-bundle

CWE-620Unverified Password ChangeCWE-287Improper Authentication5 documents5 sources
Severity
7.2HIGHNVD
EPSS
0.0%
top 99.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Pimcore Admin-ui-classic-bundlePimcore Admin-ui-classic-bundlePimcore Admin Classic Bundle
Timeline
PublishedOct 30
Latest updateJun 11

Description

Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages3 packages

Packagistpimcore/admin-ui-classic-bundle< 1.2.0-RC1
CVEListV5pimcore/pimcore_admin-ui-classic-bundleunspecified1.2.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
pimcore/admin-ui-classic-bundle Unverified Password Change2023-10-31
OSV
pimcore/admin-ui-classic-bundle Unverified Password Change2023-10-31
CVEList
Unverified Password Change in pimcore/admin-ui-classic-bundle2023-10-30

📋Vendor Advisories

1
Chrome
Stable Channel Update for Desktop: CVE-2024-58422024-06-11
CVE-2023-5844 — Unverified Password Change | cvebase