CVE-2019-15929 – craftcms/cms
Package
Manager: composer
Name: craftcms/cms
Vulnerable Version: >=0 <3.1.7
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00358 (percentile: 0.5728)
Details
Craft CMS possibility of brute force attempts
In Craft CMS before 3.1.7, the elevated session password prompt was not rate limited like normal login forms, which made brute force attempts against it possible.
Metadata
Created: 2022-05-24T16:59:48Z
Modified: 2024-02-01T21:27:09Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wvr4-w6cw-4px8/GHSA-wvr4-w6cw-4px8.json
CWE IDs: CWE-640
Alternative ID: GHSA-wvr4-w6cw-4px8
Finding: F087
Auto approve: 1