SCA: security update for pimcore/admin-ui-classic-bundle (GHSA-mrqg-mwh7-q94j)

high Tenable Cloud Security Plugin ID 417119

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The password reset
functionality sends the user requesting a password change an email containing a URL to reset their
password. The URL contains a unique token, valid for 24 hours, that allows the user to reset their
password. This token is highly sensitive: an attacker able to retrieve it would be able to reset the
user's password. Prior to version 1.2.3, the reset-password URL is crafted using the "Host" HTTP header of
the request sent to request a password reset. This way, an external attacker could send password reset
requests for users, but specify a "Host" header of a website that they control. If the user receiving the
mail clicks on the link, the attacker would retrieve the reset token of the victim and perform account
takeover. Version 1.2.3 fixes this issue. (CVE-2024-23648)
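
The pattern described above, as an added illustration that is not Pimcore's code: the pre-1.2.3 style builds the reset link from the request's Host header, while the hardened form takes the origin from deployment configuration and only validates the Host against an allowlist. The base URL, allowlist and reset path are assumed placeholders.

```python
from urllib.parse import urlencode, urlsplit

# Constructed placeholders: the public origin of the admin UI and the hosts it
# may legitimately be reached under come from configuration, never from the request.
TRUSTED_BASE_URL = "https://admin.example.test"   # hypothetical
ALLOWED_HOSTS = {"admin.example.test"}            # hypothetical allowlist
RESET_PATH = "/admin/reset-password"              # hypothetical path

def host_is_trusted(request_host: str) -> bool:
    """Compare the Host header (port stripped, case-folded) against the allowlist."""
    return request_host.split(":")[0].lower() in ALLOWED_HOSTS

def build_reset_url_vulnerable(request_host: str, token: str) -> str:
    """Mirrors the flawed pattern: the link's host is copied from the request."""
    return f"https://{request_host}{RESET_PATH}?{urlencode({'token': token})}"

def build_reset_url_hardened(token: str, request_host: str = "") -> str:
    """Build the link from configuration only; the request Host is checked but never copied."""
    if request_host and not host_is_trusted(request_host):
        raise ValueError(f"untrusted Host header: {request_host!r}")
    return f"{TRUSTED_BASE_URL}{RESET_PATH}?{urlencode({'token': token})}"

def token_leaks_to_third_party(url: str) -> bool:
    """Review check: True if following the link would send the token to a host outside the allowlist."""
    return urlsplit(url).hostname not in ALLOWED_HOSTS

if __name__ == "__main__":
    # Constructed sample: an attacker-controlled Host value on the reset request.
    spoofed = "attacker.example.test"
    print(token_leaks_to_third_party(build_reset_url_vulnerable(spoofed, "tok")))  # True
    print(token_leaks_to_third_party(build_reset_url_hardened("tok", "admin.example.test")))  # False
```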

See Also

https://github.com/advisories/GHSA-mrqg-mwh7-q94j

Plugin Details

Severity: High

ID: 417119

Version: Revision 1.6

Type: Local

Family: SCA Checks

Published: 1/23/2025

Updated: 6/1/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-23648

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/24/2024

Vulnerability Publication Date: 1/24/2024

Reference Information

CVE: CVE-2024-23648

CWE: CWE-74