exploitDog

GHSA-377j-wj38-4728

Published: 04 Sep 2025
Source: github
Github: Reviewed
CVSS4: 2.1

Description

Weblate has a long session expiry when verifying second factor

Impact

The verification of the second factor had too long a session expiry. The long session expiry could be used to circumvent rate limiting of the second factor.

Patches

This issue has been addressed in Weblate 5.13.1 via https://github.com/WeblateOrg/weblate/pull/16002.

References

Thanks to Nahid Hasan Limon for reporting this issue responsibly.

Packages

Name: Weblate (pip)
Affected versions: < 5.13.1
Fixed version: 5.13.1

EPSS

Percentile: 21%
0.00067
Low

CVSS4: 2.1 Low

Weaknesses

CWE-613

Related vulnerabilities

CVSS3: 6.5
nvd
5 months ago

Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1.

CVSS3: 6.5
debian
5 months ago

Weblate is a web based localization tool. Versions lower than 5.13.1 c ...
