Lucene search

[email protected]CVE-2018-17368

HistorySep 23, 2018 - 10:29 p.m.

CVE-2018-17368

2018-09-2322:29:00

[email protected]

web.nvd.nist.gov

publiccms

v4.0.180825

cve-2018-17368

vulnerability

brute-force

attack

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.1%

JSON

An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-force attacks.

Affected configurations

NVD

Node

publiccmspubliccmsMatch4.0.180825

CPENameOperatorVersion
publiccms:publiccmspubliccmseq4.0.180825

CPE	Name	Operator	Version
publiccms:publiccms	publiccms	eq	4.0.180825

References

github.com/sanluan/PublicCMS/issues/18

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.1%

JSON

Related for CVE-2018-17368

prion1 nvd1 cvelist1