CVE-2021-46876

Published March 12th, 2023

View on NVD ↗

CVSS v3

5.3

MEDIUM

CVSS v2

N/A

Affected

1

PROJECT

Description

An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence.

ezsystems/ezpublish-kernel

Kernel (Repository, MVC layer, REST) for eZ Platform

GitHub

160