PT-2024-39029 · Windmill · Windmill
Deepcove · Published 2024-09-05 · Updated 2024-09-06 · CVE-2024-8462
CVSS v4.0: 6.3 (Medium)
Vector: AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions:
Windmill version 1.380.0
Description:
A vulnerability exists in the HTTP Request Handler component, affecting an unknown function of the file backend/windmill-api/src/users.rs. The issue results in improper restriction of excessive authentication attempts and can be exploited remotely. Attack complexity is rather high, and exploitation is considered difficult.
Recommendations:
For Windmill version 1.380.0, upgrade to version 1.390.1 to address this issue. As a temporary workaround, consider restricting access to the users.rs file or the affected HTTP Request Handler component to minimize the risk of exploitation.
Fix
Improper Restriction of Excessive Authentication Attempts
Weakness Enumeration
Related Identifiers
Affected Products
Windmill