Observable Response Discrepancy in Sulu - CVE-2023-39343


Published: August 3, 2023 / Updated: May 12, 2026


Vulnerability identifier: #VU131116
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-39343
CWE-ID: CWE-204
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Sulu GmbH
Affected software:
Sulu

Detailed vulnerability description

The vulnerability allows a remote attacker to determine which admin login identifiers (usernames or email addresses) are valid.

The vulnerability exists because the admin login form returns distinguishable responses for authentication failures depending on whether the submitted username or email address belongs to an existing account. A remote, unauthenticated attacker can submit login attempts with different usernames or email addresses and compare the responses to enumerate valid admin login identifiers.

Only installations that use the newer Symfony security system are affected.
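The following is an added illustration of the weakness class (CWE-204) described above; it is constructed for this page and is not Sulu's code or the vendor's fix. It shows a login handler whose failure messages differ for known and unknown accounts, a hardened handler whose failure path is identical in status, message and hashing cost regardless of whether the account exists, and the probe an auditor would run to tell the two apart. The user store, password and function names are assumptions made for the example.

```python
"""Observable response discrepancy (CWE-204) on a login form.

Constructed example: a vulnerable handler beside a hardened one, plus the
probe an auditor would use. Not Sulu's code; user store is made up.
"""
import hashlib
import hmac
import os


def _hash(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256; iteration count kept low only to keep the example fast."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


# Constructed user store: username -> (salt, hash). Not real credentials.
_SALT = os.urandom(16)
USERS = {"admin": (_SALT, _hash("correct horse battery staple", _SALT))}

# Dummy record so the hardened path does identical work for unknown users
# (otherwise the missing hash computation becomes a timing oracle).
_DUMMY = (_SALT, _hash("dummy", _SALT))


def login_vulnerable(username: str, password: str) -> tuple[int, str]:
    """Distinct failure messages leak whether the username exists."""
    record = USERS.get(username)
    if record is None:
        return 401, "Username could not be found."
    salt, expected = record
    if hmac.compare_digest(_hash(password, salt), expected):
        return 200, "Welcome"
    return 401, "Invalid credentials."


def login_hardened(username: str, password: str) -> tuple[int, str]:
    """Same status, same message and the same hashing cost on every failure."""
    salt, expected = USERS.get(username, _DUMMY)
    # Always hash first so cost does not depend on account existence;
    # the membership check then rejects a lucky match against the dummy.
    matched = hmac.compare_digest(_hash(password, salt), expected)
    if matched and username in USERS:
        return 200, "Welcome"
    return 401, "Invalid credentials."


def enumeration_probe(handler, known_user: str, unknown_user: str) -> bool:
    """True if failure responses differ between a known and an unknown
    identifier, i.e. the handler lets an attacker enumerate accounts."""
    wrong_pw = "definitely-not-the-password"
    return handler(known_user, wrong_pw) != handler(unknown_user, wrong_pw)


if __name__ == "__main__":
    print("vulnerable enumerable:", enumeration_probe(login_vulnerable, "admin", "nobody"))
    print("hardened enumerable:  ", enumeration_probe(login_hardened, "admin", "nobody"))
```

When checking a real deployment, compare the full failure response for a known and an unknown identifier: HTTP status, body, headers such as Content-Length, and response time. A fix that only unifies the message text while leaving a different status code or a measurable timing gap still leaves identifiers enumerable.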


How to mitigate CVE-2023-39343

Install the security update from the vendor's website.

Sources