Deepcove

#20146 of 53,624
12.8 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2024-39029
6.3
2024-09-05
Windmill · Windmill · CVE-2024-8462
**Name of the Vulnerable Software and Affected Versions** Windmill version 1.380.0 **Description** A vulnerability exists in the HTTP Request Handler component, affecting an unknown function of the file `backend/windmill-api/src/users.rs`. This issue leads to improper restriction of excessive authentication attempts, allowing remote attacks. The complexity of an attack is rather high, and the exploitability is difficult. **Recommendations** For Windmill version 1.380.0, upgrade to version 1.390.1 to address this issue. As a temporary workaround, consider restricting access to the `users.rs` file or the affected HTTP Request Handler component to minimize the risk of exploitation.
PT-2024-31855
6.5
2024-05-07
Kimai · Kimai · CVE-2024-4596
**Name of the Vulnerable Software and Affected Versions** Kimai versions up to 2.15.0 **Description** A vulnerability was found in the Session Handler component of Kimai, where the manipulation of the `PHPSESSIONID` argument leads to information disclosure. The attack can be launched remotely, with a rather high complexity and difficult exploitation. **Recommendations** For Kimai versions up to 2.15.0, upgrade to version 2.16.0 to address this issue. As a temporary workaround, consider restricting access to the Session Handler component until the upgrade is applied.