CVE-2020-18698

Name of the Vulnerable Software and Affected Versions: Lin-CMS-Flask version 0.1.1

Description: The issue allows remote attackers to launch brute force login attempts without restriction via the login function in the component app/api/cms/user.py. This enables attackers to attempt multiple logins without being blocked or restricted, potentially leading to unauthorized access.

Recommendations: For Lin-CMS-Flask version 0.1.1, consider temporarily disabling the login function in the app/api/cms/user.py component until a patch is available to prevent brute force login attempts. Restrict access to the app/api/cms/user.py component to minimize the risk of exploitation. Avoid using the login function in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.