GHSA-9wwg-r3c7-4vfg

GitHub Security Advisory

Pimcore Admin UI has Two Factor Authentication disabled for non admin security firewalls

✓ GitHub Reviewed HIGH Has CVE

Advisory Details

### Impact
`AdminBundle\Security\PimcoreUserTwoFactorCondition`, introduced in v11, disables two-factor authentication for all non-admin security firewalls.

An authenticated user can access the system without having to provide the two-factor credentials.

### Patches
Apply patch https://patch-diff.githubusercontent.com/raw/pimcore/admin-ui-classic-bundle/pull/345.patch

### Workarounds
Upgrade to version 1.2.2 or apply the [patch](https://patch-diff.githubusercontent.com/raw/pimcore/admin-ui-classic-bundle/pull/345.patch) manually.

Affected Packages

Packagist pimcore/admin-ui-classic-bundle
Affected versions: 0 (fixed in 1.2.2)

Key Information

GHSA ID: GHSA-9wwg-r3c7-4vfg
Published: November 27, 2023 11:23 PM
Last Modified: November 28, 2023 5:44 PM
CVSS Score: 7.5/10
Primary Ecosystem: Packagist
Primary Package: pimcore/admin-ui-classic-bundle
GitHub Reviewed: ✓ Yes

Dataset

Last updated: November 25, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.