Lucene search

[email protected]NVD:CVE-2024-43042

HistoryAug 16, 2024 - 8:15 p.m.

CVE-2024-43042

2024-08-1620:15:13

CWE-307

[email protected]

web.nvd.nist.gov

pluck cms

brute force attack

failed login attempts

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

43.9%

JSON

Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute force attack.

Affected configurations

Nvd

Node

pluck-cmspluckMatch4.7.18-

VendorProductVersionCPE
pluck-cmspluck4.7.18cpe:2.3:a:pluck-cms:pluck:4.7.18:-:*:*:*:*:*:*

Vendor	Product	Version	CPE
pluck-cms	pluck	4.7.18	cpe:2.3:a:pluck-cms:pluck:4.7.18:-::::::

References

drive.google.com/file/d/1FnLCFP8xDrE1e_4Ft_TZ7VhC-JBkpsL0/view?usp=sharing

github.com/pluck-cms/pluck

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

43.9%

JSON

Related for NVD:CVE-2024-43042

cve1 cvelist1 vulnrichment1