Lucene search

@huntrdevCVELIST:CVE-2022-3945

HistoryNov 11, 2022 - 12:00 a.m.

CVE-2022-3945 Improper Restriction of Excessive Authentication Attempts in kareadita/kavita

2022-11-1100:00:00

CWE-307

@huntrdev

www.cve.org

cve-2022-3945

github repository

excessive authentication attempts

CVSS3

9.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

EPSS

0.001

Percentile

30.0%

JSON

Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3.

CNA Affected

[
  {
    "vendor": "kareadita",
    "product": "kareadita/kavita",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "0.6.0.3",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/kareadita/kavita/commit/f8db37d3f9aa42d47e7c4f4ca839e892d3f97afb

huntr.dev/bounties/55cd91b3-1d94-4d34-8d7f-86660b41fd65

CVSS3

9.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

EPSS

0.001

Percentile

30.0%

JSON

Related for CVELIST:CVE-2022-3945