CVE-2019-15929

CVE-2019-15929

EPSS 1.6%

In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://packetstormsecurity.com/files/155012/Craft-CMS-Rate-Limiting-Brute-Force.html https://github.com/craftcms/cms/blob/develop/CHANGELOG-v3.md#317---2019-01-31