PT-2019-14474 · Pixel & Tonic · Craft CMS

Published: 2019-10-24 · Updated: 2022-05-24 · CVE-2019-15929

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Craft CMS versions prior to 3.1.7

Description: The elevated session password prompt in Craft CMS was not rate limited the way normal login forms are, allowing for potential brute force attempts.

Recommendations: For versions prior to 3.1.7, update to version 3.1.7 or later to resolve the issue.

Fix

Weakness Enumeration

Related Identifiers

CVE-2019-15929
GHSA-WVR4-W6CW-4PX8

Affected Products

Craft CMS