Impact
It is possible to enumerate usernames via the forgot password functionality
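
The class of flaw described above, next to a uniform-response handler and a regression check, as an added example: this is not Pimcore's code and not the contents of the linked patch. The user table, function names, status codes and response texts are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data; 'alice' is a hypothetical account.
const USERS = ['alice' => 'alice@example.test'];

// Hypothetical mailer stand-in. A real one should hand off to a queue so
// that response time does not depend on whether a mail is sent.
function queueResetMail(string $email): void
{
    // no-op in this example
}

// Before: status and body differ depending on whether the username exists,
// so the endpoint answers "is this a valid account?" for any caller.
function forgotPasswordLeaky(string $username): array
{
    if (!array_key_exists($username, USERS)) {
        return ['status' => 404, 'body' => 'Unknown user'];
    }
    queueResetMail(USERS[$username]);
    return ['status' => 200, 'body' => 'Reset link sent'];
}

// After: identical status and body for every username; the reset mail is
// queued only when the account exists.
function forgotPasswordUniform(string $username): array
{
    if (array_key_exists($username, USERS)) {
        queueResetMail(USERS[$username]);
    }
    return [
        'status' => 200,
        'body'   => 'If the account exists, a reset link has been sent',
    ];
}

// Regression check: a handler is enumerable when its response for a known
// name is not identical to its response for an unknown one.
function isEnumerable(callable $handler): bool
{
    return $handler('alice') !== $handler('no-such-user');
}

var_dump(isEnumerable('forgotPasswordLeaky'));
var_dump(isEnumerable('forgotPasswordUniform'));
```

The same comparison can be run against a patched installation's forgot-password endpoint with one known and one unknown username to confirm that the upgrade removed the difference.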
Patches
Update to version 10.1.3 or apply this patch manually: https://github.com/pimcore/pimcore/pull/10223.patch
Workarounds
Apply https://github.com/pimcore/pimcore/pull/10223.patch manually.
References
https://huntr.dev/bounties/12462a99-ebf8-4e39-80b3-54a16caa3f4c/