{"id":"CVE-2022-48366","details":"An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.","aliases":["GHSA-66m4-gc8h-hpjx"],"modified":"2026-04-10T04:53:48.781799Z","published":"2023-03-12T05:15:12.137Z","related":["GHSA-342c-vcff-2ff2","GHSA-xfqg-p48g-hh94"],"references":[{"type":"ADVISORY","url":"https://github.com/ezsystems/ezplatform-kernel/security/advisories/GHSA-342c-vcff-2ff2"},{"type":"ADVISORY","url":"https://github.com/ezsystems/ezpublish-kernel/security/advisories/GHSA-xfqg-p48g-hh94"},{"type":"ADVISORY","url":"https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ezsystems/ezcommerce","events":[{"introduced":"14186b550123331f59ab9b85032dd96cde8ac9c8"},{"fixed":"8a174a1d3dc4710b437f775ec1f4b021fe7b8624"}],"database_specific":{"versions":[{"introduced":"2.5.0"},{"fixed":"2.5.13"}]}},{"type":"GIT","repo":"https://github.com/ezsystems/ezplatform","events":[{"introduced":"0"},{"fixed":"645791e9fdbf7013c38139ec2f8cd3506fb22127"},{"introduced":"cf8ed163c44ad383802b0e82b947b4fe3afdb5fa"},{"fixed":"160a87d442c3509d9fd854ae84197d9bff2ff002"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.5.30"},{"introduced":"3.0.0"},{"fixed":"3.0.2"}]}},{"type":"GIT","repo":"https://github.com/ibexa/commerce","events":[{"introduced":"186cfa6d82e3564efca9b7686e00225cfe4430a1"},{"fixed":"9038d2e14f408255c60a1daba6c53408adccbd01"},{"introduced":"d0594cf367d09d1f0c3ad38fd1eb100f160570ee"},{"fixed":"feae30c4f74ef67c8e3e28d52fe2b0642d15c566"},{"introduced":"3ea957e34737af074b80b7ba3fb400b7d7a59550"},{"fixed":"7a326018cdbb49d2fc427e062743e4cb75cc6406"},{"introduced":"186cfa6d82e3564efca9b7686e00225cfe4430a1"},{"fixed":"3036e2146db3dc99a99867b2d532352d37b39543"},{"introduced":"d0594cf367d09d1f0c3ad38fd1eb100f160570ee"},{"fixed":"feae30c4f74ef67c8e3e28d52fe2b0642d15c566"},{"introduced":"3ea957e34737af074b80b7ba3fb400b7d7a59550"},{"fixed":"7a326018cdbb49d2fc427e062743e4cb75cc6406"},{"introduced":"d0594cf367d09d1f0c3ad38fd1eb100f160570ee"},{"fixed":"feae30c4f74ef67c8e3e28d52fe2b0642d15c566"},{"introduced":"3ea957e34737af074b80b7ba3fb400b7d7a59550"},{"fixed":"7a326018cdbb49d2fc427e062743e4cb75cc6406"}],"database_specific":{"versions":[{"introduced":"3.3.0"},{"fixed":"3.3.18"},{"introduced":"4.0.0"},{"fixed":"4.0.7"},{"introduced":"4.1.0"},{"fixed":"4.1.4"},{"introduced":"3.3.0"},{"fixed":"3.3.20"},{"introduced":"4.0.0"},{"fixed":"4.0.7"},{"introduced":"4.1.0"},{"fixed":"4.1.4"},{"introduced":"4.0.0"},{"fixed":"4.0.7"},{"introduced":"4.1.0"},{"fixed":"4.1.4"}]}}],"versions":["v0.5.0","v1.3.0","v1.3.0-beta1","v1.3.0-rc2","v1.4.0","v1.4.0-beta1","v1.4.0-rc1","v1.5.0","v1.5.0-beta1","v1.5.0-beta2","v1.5.0-rc1","v1.5.0-rc2","v1.5.1-rc1","v2.5.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48366.json","unresolved_ranges":[{"events":[{"introduced":"1.3.0"},{"fixed":"1.3.27"}]},{"events":[{"introduced":"2.3.0"},{"fixed":"2.3.19"}]},{"events":[{"introduced":"1.3.0"},{"fixed":"1.3.19"}]},{"events":[{"introduced":"7.5.0"},{"fixed":"7.5.29"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}