Vulnerability-Lookup

CVE-2015-10012 (GCVE-0-2015-10012)

Vulnerability from cvelistv5 – Published: 2023-01-03 08:27 – Updated: 2024-08-06 08:58 Unsupported When Assigned

Title

sumocoders FrameworkUserBundle login.html.twig information exposure

Summary

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Resources/views/Security/login.html.twig. The manipulation leads to information exposure through error message. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is abe4993390ba9bd7821ab12678270556645f94c8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217268. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Severity ?

3.5 (Low)


                        
                          CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

3.5 (Low)


                        
                          CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-209 - Information Exposure Through Error Message

Assigner

VulDB

References

URL

	Vendor	Product	Version
	sumocoders	FrameworkUserBundle	Affected: 1.0 Affected: 1.1 Affected: 1.2 Affected: 1.3

GSD-2015-10012

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Resources/views/Security/login.html.twig. The manipulation leads to information exposure through error message. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is abe4993390ba9bd7821ab12678270556645f94c8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217268. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Aliases

CVE-2015-10012

Aliases

CVE-2015-10012

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-10012",
    "id": "GSD-2015-10012"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-10012"
      ],
      "details": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Resources/views/Security/login.html.twig. The manipulation leads to information exposure through error message. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is abe4993390ba9bd7821ab12678270556645f94c8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217268. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",
      "id": "GSD-2015-10012",
      "modified": "2023-12-13T01:20:07.011159Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cna@vuldb.com",
        "ID": "CVE-2015-10012",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "FrameworkUserBundle",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "1.0"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "1.1"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "1.2"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "1.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "sumocoders"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "VulDB GitHub Commit Analyzer"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Resources/views/Security/login.html.twig. The manipulation leads to information exposure through error message. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is abe4993390ba9bd7821ab12678270556645f94c8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217268. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
          },
          {
            "lang": "deu",
            "value": "** UNSUPPPORTED WHEN ASSIGNED ** Eine problematische Schwachstelle wurde in sumocoders FrameworkUserBundle bis 1.3.x ausgemacht. Betroffen davon ist ein unbekannter Prozess der Datei Resources/views/Security/login.html.twig. Durch das Manipulieren mit unbekannten Daten kann eine information exposure through error message-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.4.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als abe4993390ba9bd7821ab12678270556645f94c8 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          {
            "baseScore": 2.7,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-209",
                "lang": "eng",
                "value": "CWE-209 Information Exposure Through Error Message"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://vuldb.com/?id.217268",
            "refsource": "MISC",
            "url": "https://vuldb.com/?id.217268"
          },
          {
            "name": "https://vuldb.com/?ctiid.217268",
            "refsource": "MISC",
            "url": "https://vuldb.com/?ctiid.217268"
          },
          {
            "name": "https://github.com/sumocoders/FrameworkUserBundle/commit/abe4993390ba9bd7821ab12678270556645f94c8",
            "refsource": "MISC",
            "url": "https://github.com/sumocoders/FrameworkUserBundle/commit/abe4993390ba9bd7821ab12678270556645f94c8"
          },
          {
            "name": "https://github.com/sumocoders/FrameworkUserBundle/releases/tag/v1.4.0",
            "refsource": "MISC",
            "url": "https://github.com/sumocoders/FrameworkUserBundle/releases/tag/v1.4.0"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c1.4.0",
          "affected_versions": "All versions before 1.4.0",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-209",
            "CWE-937"
          ],
          "date": "2023-01-10",
          "description": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Resources/views/Security/login.html.twig. The manipulation leads to information exposure through error message. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is abe4993390ba9bd7821ab12678270556645f94c8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217268. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",
          "fixed_versions": [
            "1.4.0"
          ],
          "identifier": "CVE-2015-10012",
          "identifiers": [
            "GHSA-6m7c-45ff-3328",
            "CVE-2015-10012"
          ],
          "not_impacted": "All versions starting from 1.4.0",
          "package_slug": "packagist/sumocoders/framework-user-bundle",
          "pubdate": "2023-01-03",
          "solution": "Upgrade to version 1.4.0 or above.",
          "title": "Generation of Error Message Containing Sensitive Information",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2015-10012",
            "https://github.com/sumocoders/FrameworkUserBundle/commit/abe4993390ba9bd7821ab12678270556645f94c8",
            "https://github.com/sumocoders/FrameworkUserBundle/releases/tag/v1.4.0",
            "https://vuldb.com/?ctiid.217268",
            "https://vuldb.com/?id.217268",
            "https://github.com/advisories/GHSA-6m7c-45ff-3328"
          ],
          "uuid": "8a6709a5-e772-456b-9c19-4024ae45dc17"
        }
      ]
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:sumocoders:frameworkuserbundle:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "23972C95-47CE-4B66-A7DB-2A7B0C6C90AE",
                    "versionEndExcluding": "1.4.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Resources/views/Security/login.html.twig. The manipulation leads to information exposure through error message. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is abe4993390ba9bd7821ab12678270556645f94c8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217268. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
          }
        ],
        "id": "CVE-2015-10012",
        "lastModified": "2024-04-11T00:52:58.897",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "LOW",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "availabilityImpact": "NONE",
                "baseScore": 2.7,
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "NONE",
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              "exploitabilityScore": 5.1,
              "impactScore": 2.9,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.1,
              "impactScore": 1.4,
              "source": "cna@vuldb.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2023-01-03T09:15:09.707",
        "references": [
          {
            "source": "cna@vuldb.com",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://github.com/sumocoders/FrameworkUserBundle/commit/abe4993390ba9bd7821ab12678270556645f94c8"
          },
          {
            "source": "cna@vuldb.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://github.com/sumocoders/FrameworkUserBundle/releases/tag/v1.4.0"
          },
          {
            "source": "cna@vuldb.com",
            "tags": [
              "Permissions Required",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "https://vuldb.com/?ctiid.217268"
          },
          {
            "source": "cna@vuldb.com",
            "tags": [
              "Permissions Required",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "https://vuldb.com/?id.217268"
          }
        ],
        "sourceIdentifier": "cna@vuldb.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-209"
              }
            ],
            "source": "cna@vuldb.com",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

FKIE_CVE-2015-10012

Vulnerability from fkie_nvd - Published: 2023-01-03 09:15 - Updated: 2024-11-21 02:24

Severity ?

3.5 (Low) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
cna@vuldb.com	https://github.com/sumocoders/FrameworkUserBundle/commit/abe4993390ba9bd7821ab12678270556645f94c8	Patch, Third Party Advisory
cna@vuldb.com	https://github.com/sumocoders/FrameworkUserBundle/releases/tag/v1.4.0	Third Party Advisory
cna@vuldb.com	https://vuldb.com/?ctiid.217268	Permissions Required, Third Party Advisory, VDB Entry
cna@vuldb.com	https://vuldb.com/?id.217268	Permissions Required, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://github.com/sumocoders/FrameworkUserBundle/commit/abe4993390ba9bd7821ab12678270556645f94c8	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/sumocoders/FrameworkUserBundle/releases/tag/v1.4.0	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://vuldb.com/?ctiid.217268	Permissions Required, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://vuldb.com/?id.217268	Permissions Required, Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	sumocoders	frameworkuserbundle	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sumocoders:frameworkuserbundle:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "23972C95-47CE-4B66-A7DB-2A7B0C6C90AE",
              "versionEndExcluding": "1.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [
    {
      "sourceIdentifier": "cna@vuldb.com",
      "tags": [
        "unsupported-when-assigned"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Resources/views/Security/login.html.twig. The manipulation leads to information exposure through error message. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is abe4993390ba9bd7821ab12678270556645f94c8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217268. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
    },
    {
      "lang": "es",
      "value": "** NO SOPORTADO CUANDO SE ASIGN\u00d3 ** Se encontr\u00f3 una vulnerabilidad en sumocoders FrameworkUserBundle hasta 1.3.x. Ha sido calificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo Resources/views/Security/login.html.twig es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la exposici\u00f3n de informaci\u00f3n a trav\u00e9s de mensajes de error. La actualizaci\u00f3n a la versi\u00f3n 1.4.0 puede solucionar este problema. El nombre del parche es abe4993390ba9bd7821ab12678270556645f94c8. Se recomienda actualizar el componente afectado. El identificador de esta vulnerabilidad es VDB-217268. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante."
    }
  ],
  "id": "CVE-2015-10012",
  "lastModified": "2024-11-21T02:24:10.370",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 2.7,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 5.1,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 1.4,
        "source": "cna@vuldb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-01-03T09:15:09.707",
  "references": [
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/sumocoders/FrameworkUserBundle/commit/abe4993390ba9bd7821ab12678270556645f94c8"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/sumocoders/FrameworkUserBundle/releases/tag/v1.4.0"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?ctiid.217268"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?id.217268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/sumocoders/FrameworkUserBundle/commit/abe4993390ba9bd7821ab12678270556645f94c8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/sumocoders/FrameworkUserBundle/releases/tag/v1.4.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?ctiid.217268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?id.217268"
    }
  ],
  "sourceIdentifier": "cna@vuldb.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-209"
        }
      ],
      "source": "cna@vuldb.com",
      "type": "Secondary"
    }
  ]
}

GHSA-6M7C-45FF-3328

Vulnerability from github – Published: 2023-01-03 09:30 – Updated: 2024-03-01 14:26

Summary

FrameworkUserBundle Generates Error Message Containing Sensitive Information

Details

A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Resources/views/Security/login.html.twig. The manipulation leads to information exposure through error message. Upgrading to version 1.4.0 can address this issue. The name of the patch is abe4993390ba9bd7821ab12678270556645f94c8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217268.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "sumocoders/framework-user-bundle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2015-10012"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-209"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-01-10T22:28:54Z",
    "nvd_published_at": "2023-01-03T09:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file `Resources/views/Security/login.html.twig`. The manipulation leads to information exposure through error message. Upgrading to version 1.4.0 can address this issue. The name of the patch is abe4993390ba9bd7821ab12678270556645f94c8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217268.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.",
  "id": "GHSA-6m7c-45ff-3328",
  "modified": "2024-03-01T14:26:40Z",
  "published": "2023-01-03T09:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-10012"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sumocoders/FrameworkUserBundle/commit/abe4993390ba9bd7821ab12678270556645f94c8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/sumocoders/FrameworkUserBundle"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sumocoders/FrameworkUserBundle/releases/tag/v1.4.0"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.217268"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.217268"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "FrameworkUserBundle Generates Error Message Containing Sensitive Information"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-10012 (GCVE-0-2015-10012)

GSD-2015-10012

FKIE_CVE-2015-10012

GHSA-6M7C-45FF-3328

Tags

Sightings

Nomenclature