[CRITICAL] Ibexa User Bundle is missing password change validation

PKSA-tp68-m26r-qqm9 CVE-2025-67719 GHSA-x93p-w2ch-fg67

Affected version: >=5.0.0-beta1,<5.0.4

Reported by:
GitHub

[MEDIUM] ibexa/user login enumerates user accounts

PKSA-193d-p3tz-4pbs GHSA-q3x8-6898-23g3

Affected version: >=5.0.0,<5.0.3

Reported by:
GitHub

[MEDIUM] Ibexa User Settings are accessible on the front-end for anonymous user

PKSA-zs9k-bjf7-sw3g GHSA-r3fg-3r88-6x3f

Affected version: >=4.0.0,<4.4.3

Reported by:
GitHub