Publish GHSA-6f58-j323-6472

advisory-database[bot] · advisory-database[bot] · commit 25352e8789d7 · 2025-11-10T21:58:17.000Z
diff --git a/advisories/github-reviewed/2023/10/GHSA-6f58-j323-6472/GHSA-6f58-j323-6472.json b/advisories/github-reviewed/2023/10/GHSA-6f58-j323-6472/GHSA-6f58-j323-6472.json
@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6f58-j323-6472",
-  "modified": "2023-10-31T22:23:18Z",
+  "modified": "2025-11-10T21:56:15Z",
   "published": "2023-10-31T22:23:18Z",
   "aliases": [
     "CVE-2023-5844"
   ],
   "summary": "pimcore/admin-ui-classic-bundle Unverified Password Change",
-  "details": "### Impact\nAs old password can be set as new password , it is considered as password policy violation.\n\nPimcore is not enforcing strict password policy which allow attacker to set old password as new password\n\nProof of Concept\n1. Go to Admin link\n2. login and click on -> \"User | My Profile\".\n3. Go to change password now put old password as new password and click save.\n\n### Patches\nhttps://github.com/pimcore/admin-ui-classic-bundle/commit/498ac77e54541177be27b0c710e387c47b3836ea.patch\n\n### Workarounds\nUpdate to version 1.2.0 or apply this patches manually\nhttps://github.com/pimcore/admin-ui-classic-bundle/commit/498ac77e54541177be27b0c710e387c47b3836ea.patch\n\n### References\nhttps://huntr.com/bounties/b031199d-192a-46e5-8c02-f7284ad74021/\n",
+  "details": "### Impact\nAs old password can be set as new password , it is considered as password policy violation.\n\nPimcore is not enforcing strict password policy which allow attacker to set old password as new password\n\nProof of Concept\n1. Go to Admin link\n2. login and click on -> \"User | My Profile\".\n3. Go to change password now put old password as new password and click save.\n\n### Patches\nhttps://github.com/pimcore/admin-ui-classic-bundle/commit/498ac77e54541177be27b0c710e387c47b3836ea.patch\n\n### Workarounds\nUpdate to version 1.2.0 or apply this patches manually\nhttps://github.com/pimcore/admin-ui-classic-bundle/commit/498ac77e54541177be27b0c710e387c47b3836ea.patch\n\n### References\nhttps://huntr.com/bounties/b031199d-192a-46e5-8c02-f7284ad74021/",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -28,7 +28,7 @@
               "introduced": "0"
             },
             {
-              "fixed": "1.2.0"
+              "fixed": "1.2.0-RC1"
             }
           ]
         }

Original file line number	Diff line number	Diff line change
`@@ -1,13 +1,13 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-6f58-j323-6472",`
`4`		`- "modified": "2023-10-31T22:23:18Z",`
	`4`	`+ "modified": "2025-11-10T21:56:15Z",`
`5`	`5`	`"published": "2023-10-31T22:23:18Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2023-5844"`
`8`	`8`	`],`
`9`	`9`	`"summary": "pimcore/admin-ui-classic-bundle Unverified Password Change",`
`10`		- "details": "### Impact\nAs old password can be set as new password , it is considered as password policy violation.\n\nPimcore is not enforcing strict password policy which allow attacker to set old password as new password\n\nProof of Concept\n1. Go to Admin link\n2. login and click on -> \"User \| My Profile\".\n3. Go to change password now put old password as new password and click save.\n\n### Patches\nhttps://github.com/pimcore/admin-ui-classic-bundle/commit/498ac77e54541177be27b0c710e387c47b3836ea.patch\n\n### Workarounds\nUpdate to version 1.2.0 or apply this patches manually\nhttps://github.com/pimcore/admin-ui-classic-bundle/commit/498ac77e54541177be27b0c710e387c47b3836ea.patch\n\n### References\nhttps://huntr.com/bounties/b031199d-192a-46e5-8c02-f7284ad74021/\n",
	`10`	+ "details": "### Impact\nAs old password can be set as new password , it is considered as password policy violation.\n\nPimcore is not enforcing strict password policy which allow attacker to set old password as new password\n\nProof of Concept\n1. Go to Admin link\n2. login and click on -> \"User \| My Profile\".\n3. Go to change password now put old password as new password and click save.\n\n### Patches\nhttps://github.com/pimcore/admin-ui-classic-bundle/commit/498ac77e54541177be27b0c710e387c47b3836ea.patch\n\n### Workarounds\nUpdate to version 1.2.0 or apply this patches manually\nhttps://github.com/pimcore/admin-ui-classic-bundle/commit/498ac77e54541177be27b0c710e387c47b3836ea.patch\n\n### References\nhttps://huntr.com/bounties/b031199d-192a-46e5-8c02-f7284ad74021/",
`11`	`11`	`"severity": [`
`12`	`12`	`{`
`13`	`13`	`"type": "CVSS_V3",`
`@@ -28,7 +28,7 @@`
`28`	`28`	`"introduced": "0"`
`29`	`29`	`},`
`30`	`30`	`{`
`31`		`- "fixed": "1.2.0"`
	`31`	`+ "fixed": "1.2.0-RC1"`
`32`	`32`	`}`
`33`	`33`	`]`
`34`	`34`	`}`