SB2023080372 - Observable Response Discrepancy in Sulu


Published: August 3, 2023 Updated: May 12, 2026

Security Bulletin ID: SB2023080372
CSH Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Information disclosure

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Observable Response Discrepancy (CVE-ID: CVE-2023-39343)

The vulnerability allows a remote, unauthenticated attacker to enumerate valid admin login identifiers (usernames or email addresses).

The vulnerability exists because the admin login form returns observably different responses for authentication failures depending on whether the submitted identifier belongs to an existing account. By submitting login attempts with a range of candidate usernames or email addresses and comparing the failure responses, a remote attacker can determine which identifiers are valid. A list of confirmed admin identifiers is the usual input to subsequent password-guessing, credential-stuffing or phishing attempts against those accounts.

Only installations using the newer Symfony security system are vulnerable, that is, Symfony's authenticator-based security system (enabled with enable_authenticator_manager: true in config/packages/security.yaml on Symfony 5.x; on Symfony 6 and later it is the only security system available). Inspecting that setting tells you whether an installation is affected.
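
As an added illustration, not part of this bulletin and not Sulu's or Symfony's code, the following Python script contrasts a toy admin-login handler that leaks account existence through its failure response with a hardened variant that returns one failure response and does the same amount of work on both paths, then runs a simple enumeration probe against each. The user store, passwords and wordlist are constructed for the example; the probe only compares status and body, it does not measure timing.

```python
import hashlib
import hmac
import secrets

# --- Constructed fixture (assumption: a toy user store, not Sulu's) ---------
PBKDF2_ITERATIONS = 10_000  # deliberately low for a demo; production uses far more


def derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def make_record(password: str) -> dict:
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": derive(password, salt)}


# The same admin account is reachable by username and by email address, as a
# login form that accepts either identifier would allow.
_ADMIN_RECORD = make_record("correct-horse-battery-staple")
USERS = {
    "admin": _ADMIN_RECORD,
    "admin@example.test": _ADMIN_RECORD,
    "editor": make_record("another-secret"),
}
# Dummy record so that an unknown identifier still costs one hash computation.
_DUMMY_RECORD = make_record(secrets.token_hex(16))


def password_matches(record: dict, password: str) -> bool:
    return hmac.compare_digest(derive(password, record["salt"]), record["hash"])


# --- Vulnerable variant: the failure message reveals whether the user exists ---
def login_vulnerable(identifier: str, password: str) -> tuple[int, str]:
    record = USERS.get(identifier)
    if record is None:
        return 401, "Username could not be found."
    if not password_matches(record, password):
        return 401, "Invalid credentials."
    return 200, "OK"


# --- Hardened variant: one failure response, equal work on both paths ---------
def login_hardened(identifier: str, password: str) -> tuple[int, str]:
    record = USERS.get(identifier)
    known = record is not None
    # Verify against the dummy record when the user is unknown so the response
    # time does not reveal the lookup result either.
    ok = password_matches(record if known else _DUMMY_RECORD, password) and known
    if not ok:
        return 401, "Invalid credentials."
    return 200, "OK"


# --- Enumeration probe --------------------------------------------------------
def probe(handler, candidates, password="definitely-not-the-password"):
    """Submit a wrong password for every candidate identifier and group the
    failure responses by (status, body). More than one distinct group means the
    form answers differently for valid and invalid identifiers."""
    groups = {}
    for ident in candidates:
        status, body = handler(ident, password)
        groups.setdefault((status, body), []).append(ident)
    return groups


def likely_valid_identifiers(groups):
    """Heuristic: with a wordlist that is mostly wrong guesses, the minority
    response marks the identifiers that actually exist."""
    if len(groups) < 2:
        return []
    smallest = min(groups.values(), key=len)
    return sorted(smallest)


# Constructed wordlist: a few common admin names plus two email addresses.
WORDLIST = ["root", "admin", "administrator", "editor", "test",
            "admin@example.test", "nobody@example.test"]

if __name__ == "__main__":
    for name, handler in (("vulnerable", login_vulnerable), ("hardened", login_hardened)):
        groups = probe(handler, WORDLIST)
        print(f"{name}: {len(groups)} distinct failure response(s); "
              f"likely valid identifiers: {likely_valid_identifiers(groups)}")
```

Run against the vulnerable handler the probe separates the wordlist into two response groups and recovers admin, admin@example.test and editor; against the hardened handler every candidate produces the same 401 response and nothing is recovered. The same grouping approach, fed with real HTTP responses, is how a pentester confirms this class of issue on a live login form.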


Remediation

Install the fixed release from the vendor's website; the bulletin marks a patch as available. Until the update is applied, make sure the admin login endpoint is rate limited and that failed login attempts are logged and monitored, so that bulk probing of identifiers is slowed down and visible.