CVE-2023-46745

Опубликовано: 17 нояб. 2023

Источник: nvd

CVSS3: 5.3

CVSS3: 7.5

EPSS Низкий

Описание

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions the login method has no rate limit. An attacker may be able to leverage this vulnerability to gain access to user accounts. This issue has been addressed in version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Ссылки

https://github.com/librenms/librenms/security/advisories/GHSA-rq42-58qf-v3qx
Exploit
Vendor Advisory
https://github.com/librenms/librenms/security/advisories/GHSA-rq42-58qf-v3qx
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*

Версия до 23.11.0 (исключая)

EPSS

Процентиль: 0%

0.00007

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-307

Связанные уязвимости

GHSA-rq42-58qf-v3qx

CVSS3: 5.3

github

около 2 лет назад

LibreNMS vulnerable to rate limiting bypass on login page

EPSS

Процентиль: 0%

0.00007

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-307