CVE-2019-15929

Опубликовано: 24 окт. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Низкий

Описание

In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.

Ссылки

http://packetstormsecurity.com/files/155012/Craft-CMS-Rate-Limiting-Brute-Force.html
Third Party Advisory
https://github.com/craftcms/cms/blob/develop/CHANGELOG-v3.md#317---2019-01-31
Release Notes
Third Party Advisory
http://packetstormsecurity.com/files/155012/Craft-CMS-Rate-Limiting-Brute-Force.html
Third Party Advisory
https://github.com/craftcms/cms/blob/develop/CHANGELOG-v3.md#317---2019-01-31
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*

Версия до 3.1.7 (включая)

EPSS

Процентиль: 58%

0.00358

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-640

Связанные уязвимости

GHSA-wvr4-w6cw-4px8