CVE-2022-48366

Published: Mar 12, 2023
Updated: May 9, 2024
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-48366" target="_blank" rel="noopener"> CVE-2022-48366
GHSA: <a href="https://github.com/advisories/GHSA-66m4-gc8h-hpjx" target="_blank" rel="noopener"> GHSA-66m4-gc8h-hpjx
Severity: Low
Exploit:

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.

CVSS v3:

CWEs:

Software	From	Fixed in
ibexa / commerce	4.1.0	4.1.4
ibexa / commerce	4.0.0	4.0.7
ibexa / commerce	3.3.0	3.3.18
ibexa / commerce	2.5.0	2.5.13
ibexa / jmspaymentcorebundle	3.0.0	3.0.2
ibexa / ezplatform-page-builder	2.3.0	2.3.19
ibexa / ezplatform-page-builder	1.3.0	1.3.27
ibexa / ez_platform_kernel	1.3.0	1.3.19
ibexa / ez_platform_kernel	7.5.0	7.5.29
ibexa / digital_experience_platform	4.1.0	4.1.4
ibexa / digital_experience_platform	4.0.0	4.0.7
ibexa / digital_experience_platform	3.3.0	3.3.20
ibexa / ez_platform	-	2.5.30
ibexa / kernel	4.1.0	4.1.4
ibexa / kernel	4.0.0	4.0.7
ezsystems / ezplatform-kernel	1.3.0	1.3.19
ezsystems / ezpublish-kernel	7.5.0	7.5.29