CVE-2022-48366 - Vulnerability Details - OpenCVE

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Ibexa	Commerce Digital Experience Platform Ez Platform Ez Platform Kernel Ezplatform-page-builder Jmspaymentcorebundle Kernel

Configuration 1 [-]

OR	cpe:2.3:a:ibexa:commerce::::::::
	cpe:2.3:a:ibexa:commerce::::::::
	cpe:2.3:a:ibexa:commerce::::::::
	cpe:2.3:a:ibexa:commerce::::::::
	cpe:2.3:a:ibexa:digital_experience_platform::::::::
	cpe:2.3:a:ibexa:digital_experience_platform::::::::
	cpe:2.3:a:ibexa:digital_experience_platform::::::::
	cpe:2.3:a:ibexa:ez_platform::::::::
	cpe:2.3:a:ibexa:ezplatform-page-builder::::::::
	cpe:2.3:a:ibexa:ezplatform-page-builder::::::::
	cpe:2.3:a:ibexa:jmspaymentcorebundle::::::::
	cpe:2.3:o:ibexa:ez_platform_kernel::::::::
	cpe:2.3:o:ibexa:ez_platform_kernel::::::::
	cpe:2.3:o:ibexa:kernel::::::::
	cpe:2.3:o:ibexa:kernel::::::::

No data.

References

Link	Providers
https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce
https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2
https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94

History

Tue, 04 Mar 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-03-12T00:00:00.000Z

Updated: 2025-03-04T16:54:22.053Z

Reserved: 2023-03-12T00:00:00.000Z

Link: CVE-2022-48366

Vulnrichment

Updated: 2024-08-03T15:10:59.779Z

NVD

Status : Modified

Published: 2023-03-12T05:15:12.137

Modified: 2025-03-04T17:15:10.980

Link: CVE-2022-48366

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-48366", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-03-04T16:54:22.053Z", "dateReserved": "2023-03-12T00:00:00.000Z", "datePublished": "2023-03-12T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-03-12T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce"}, {"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94"}, {"url": "https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:10:59.779Z"}, "title": "CVE Program Container", "references": [{"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce", "tags": ["x_transferred"]}, {"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94", "tags": ["x_transferred"]}, {"url": "https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-362", "lang": "en", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-03-04T16:53:33.539529Z", "id": "CVE-2022-48366", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-04T16:54:22.053Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce", "tags": ["x_transferred"]}, {"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94", "tags": ["x_transferred"]}, {"url": "https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:10:59.779Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-48366", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-04T16:53:33.539529Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-04T16:54:15.896Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce"}, {"url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94"}, {"url": "https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-03-12T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48366", "state": "PUBLISHED", "dateUpdated": "2025-03-04T16:54:22.053Z", "dateReserved": "2023-03-12T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-03-12T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibexa:commerce:*:*:*:*:*:*:*:*", "matchCriteriaId": "99BD5846-A337-4DB0-AD4B-D5AC43374574", "versionEndExcluding": "2.5.13", "versionStartIncluding": "2.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibexa:commerce:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C615105-3898-4F5D-A471-4A17D9D4C40E", "versionEndExcluding": "3.3.18", "versionStartIncluding": "3.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibexa:commerce:*:*:*:*:*:*:*:*", "matchCriteriaId": "22CC127A-FCF6-42E5-8657-40D6D6BA407A", "versionEndExcluding": "4.0.7", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibexa:commerce:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB6462C1-26C6-4550-8970-0D87B0085B1A", "versionEndExcluding": "4.1.4", "versionStartIncluding": "4.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibexa:digital_experience_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF0E126E-6CC0-4B4F-8EDA-8A8654122B75", "versionEndExcluding": "3.3.20", "versionStartIncluding": "3.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibexa:digital_experience_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "41E90F8A-62F4-427E-870A-7FE120226F86", "versionEndExcluding": "4.0.7", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibexa:digital_experience_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "47D91FC1-5677-44BB-A290-1F8B310DADE5", "versionEndExcluding": "4.1.4", "versionStartIncluding": "4.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibexa:ez_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FC59878-0F30-434C-9542-8742237543AD", "versionEndExcluding": "2.5.30", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibexa:ezplatform-page-builder:*:*:*:*:*:*:*:*", "matchCriteriaId": "7924253B-4EC8-4E91-8400-2109825A8D70", "versionEndExcluding": "1.3.27", "versionStartIncluding": "1.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibexa:ezplatform-page-builder:*:*:*:*:*:*:*:*", "matchCriteriaId": "D87DA57C-E7EF-4F67-AAB6-1256AC3F1C43", "versionEndExcluding": "2.3.19", "versionStartIncluding": "2.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibexa:jmspaymentcorebundle:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E312E42-DE15-487B-A5AA-1A1B1666AAC2", "versionEndExcluding": "3.0.2", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibexa:ez_platform_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1E43724-FEF5-4817-870E-48D15BA73EC4", "versionEndExcluding": "1.3.19", "versionStartIncluding": "1.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibexa:ez_platform_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C2E1DD8D-84A4-49E1-B50D-10AA1B4871EF", "versionEndExcluding": "7.5.29", "versionStartIncluding": "7.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibexa:kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "577C3DF2-1471-43C1-9242-D70EDDBA7216", "versionEndExcluding": "4.0.7", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibexa:kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7C28202-AFB4-4313-9FE8-017B8676A6CD", "versionEndExcluding": "4.1.4", "versionStartIncluding": "4.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack."}], "id": "CVE-2022-48366", "lastModified": "2025-03-04T17:15:10.980", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-03-12T05:15:12.137", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-362"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}