exploitDog

CVE-2025-48187

Published: 17 May 2025
Source: nvd
CVSS3: 9.1
CVSS3: 9.8
EPSS: Low

Description

RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and password reset. Codes are six digits and there is no rate limiting.

Vulnerable configurations

Configuration 1
cpe:2.3:a:infiniflow:ragflow:*:*:*:*:*:*:*:*
Versions up to 0.18.1 (inclusive)

EPSS

Percentile: 27%
0.00095
Low

9.1 Critical

CVSS3

9.8 Critical

CVSS3

Weaknesses

CWE-307
NVD-CWE-noinfo

Related vulnerabilities

CVSS3: 9.1
github
9 months ago

RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and password reset. Codes are six digits and there is no rate limiting.
