What is CVE-2024-41109?

CVE-2024-41109 is a medium-severity vulnerability in Pimcore Admin-ui-classic-bundle, classified under Information Disclosure. CVSS score: 6.3/10. Published 2024-07-30.

How severe is CVE-2024-41109?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Information disclosure in Pimcore Admin-ui-classic-bundle

CVE-2024-41109

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to `/admin/index/statistics` with a logged in Pimcore user exposes information about the Pimcore installation, PHP version, MYSQL version, installed b…

Vulnerability class: Information Disclosure

EPSS: 0.001 (15.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

Pimcore Admin-ui-classic-bundle — versions < 1.5.2

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-fx6j-9pp6-ph36 (x_refsource_CONFIRM)
https://github.com/pimcore/admin-ui-classic-bundle/commit/afa10bff2f8bfe9c8af7b6b75885bc403f6984f0 (x_refsource_MISC)
https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/IndexController.php#L125C24-L125C40 (x_refsource_MISC)
https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.5.2 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-41109?: CVE-2024-41109 is a medium-severity vulnerability in Pimcore Admin-ui-classic-bundle, classified under Information Disclosure. CVSS score: 6.3/10. Published 2024-07-30.
How severe is CVE-2024-41109?: Medium severity. CVSS v3 base score is 6.3 out of 10.