CVE-2023-39343

Medium

Published: 04 August 2023

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
EPSS Score: 0.0037 (59.5th percentile)
Risk Priority: 9 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-39343 is a medium-severity Observable Response Discrepancy (CWE-204) vulnerability in Sulu. Its CVSS base score is 4.3 (Medium).

Operationally, it ranks in the top 40.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Sulu is an open-source PHP content management system based on the Symfony framework. The Admin Login form makes it possible to detect which users (username, email) exist and which do not. Sulu installations not using the old Symfony 5.4 security system, as well as previous versions, are not impacted by this security issue. The vulnerability has been patched in version 2.5.10.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

sulu
sulu
2.5.0 — 2.5.10

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-204

Fake or randomized responses remove distinguishable success/failure signals attackers rely on.

addresses: CWE-204

Eliminates distinguishable response discrepancies in error conditions that could be exploited for reconnaissance.

References