Description
In Craft CMS through 3.1.7, the elevated session password prompt was not rate limited the way normal login forms are, which made brute-force attempts against it possible.
Remediation
References