PT-2022-23031 · Bookwyrm · Bookwyrm
Mouse-Reeve
·
Published
2022-08-02
·
Updated
2023-07-21
·
CVE-2022-35925
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
BookWyrm versions prior to 0.4.5
Description
BookWyrm, a social network for tracking reading, has an issue where versions prior to 0.4.5 lack rate limiting on authentication views. This lack of rate limiting allows for brute-force attacks. The issue has been patched in version 0.4.5.
Recommendations
For versions prior to 0.4.5, update to version 0.4.5 to patch the issue.
As a temporary workaround for users unable to upgrade, manually update the nginx.conf file with the necessary changes to add rate limiting on authentication views.
Admins with existing instances should update the nginx.conf file that was created when the instance was set up.
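An illustrative nginx fragment for the workaround above, added here as an example; it is not BookWyrm's shipped nginx.conf, and the upstream address and the location paths (/login, /register, /password-reset) are assumptions to be matched against the instance's actual authentication views.

```nginx
# Illustrative example, not BookWyrm's own nginx.conf.
# Upstream name and the throttled paths are assumptions; adjust to the instance.

http {
    # One shared 10 MB zone keyed on client address (roughly 160k tracked
    # addresses); sustained limit of 2 requests per second per address.
    limit_req_zone $binary_remote_addr zone=authlimit:10m rate=2r/s;
    # Return 429 instead of the default 503 so clients and logs show the cause.
    limit_req_status 429;
    # Log rejected attempts at warn level so detection can pick them up.
    limit_req_log_level warn;

    server {
        listen 443 ssl;
        server_name example.org;   # placeholder

        # Only the authentication views are throttled; the rest of the site is untouched.
        location ~ ^/(login|register|password-reset)/?$ {
            # burst: up to 5 extra requests above the rate are accepted;
            # nodelay: serve them immediately rather than queuing them.
            limit_req zone=authlimit burst=5 nodelay;
            proxy_pass http://web:8000;            # assumed upstream
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        location / {
            proxy_pass http://web:8000;            # assumed upstream
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}
```

If nginx itself sits behind another proxy or load balancer, $binary_remote_addr is that proxy's address and every user would share one bucket; configure set_real_ip_from and real_ip_header for the trusted proxy only, since trusting a client-supplied header would let the limit be bypassed.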
Improper Restriction of Excessive Authentication Attempts
Improper Authentication
Affected Products
Bookwyrm