← volver
CVE-2019-15929

CVE-2019-15929

EPSS 1.6%
In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://packetstormsecurity.com/files/155012/Craft-CMS-Rate-Limiting-Brute-Force.htmlhttps://github.com/craftcms/cms/blob/develop/CHANGELOG-v3.md#317---2019-01-31