CVE-2019-15929

Critical

In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the…

mitre·CWE-640·Published 2019-10-24

CVSS

9.8

EPSS

0.02

KEV

Exploits

cve.orgen

177 chars

In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.

NVDen

177 chars

In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.

In Craft CMS before 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.

GHSAen

176 chars

In Craft CMS before 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.

NVDes

231 chars

En Craft CMS versiones hasta 3.1.7, la petición de contraseña de sesión elevada no estaba siendo limitada como en los formularios de inicio de sesión normales, conllevando a la posibilidad de un intento de fuerza bruta sobre ellos.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	GHSA	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H