58 matches found
CVE-2023-2675 Improper Restriction of Excessive Authentication Attempts in linagora/twake
Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 2023.Q1.1223...
CVE-2023-2675
CVE-2023-2675 targets linagora/twake versions prior to 2023.Q1.1223, where there is an improper restriction of excessive authentication attempts. Public assessments indicate high-impact potential (confidentiality, integrity, and availability). The vulnerability is tied to brute-force-like behavio...
PT-2023-20777 · Linagora · Linagora/Twake
Name of the Vulnerable Software and Affected Versions: linagora/twake versions prior to 2023.Q1.1223 Description: The issue is related to improper restriction of excessive authentication attempts. Recommendations: For versions prior to 2023.Q1.1223, update to version 2023.Q1.1223 or later to...
Input validation
Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 0.0.0...
CVE-2023-1665 Improper Restriction of Excessive Authentication Attempts in linagora/twake
Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 0.0.0...
CVE-2023-1665 Improper Restriction of Excessive Authentication Attempts in linagora/twake
Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 0.0.0...
Twake 安全漏洞
Twake is a secure open-source collaboration platform open-sourced by LINAGORA that improves organizational productivity. A security vulnerability exists in linagora/twake version 2022.Q4.1120 that stems from the lack of protection against brute force attacks on the login page...
CVE-2023-1665
CVE-2023-1665 affects linagora/twake (versions prior to 0.0.0). The root cause is improper restriction of excessive authentication attempts, enabling brute-force login on the login endpoint (example PoC shows repeated login attempts against /internal/services/console/v1/login). Impact is high: po...
CVE-2023-1665 Improper Restriction of Excessive Authentication Attempts in linagora/twake
Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 0.0.0...
No Protection Against Bruteforce Attacks on Login Page
Description Twake does not limit unsuccessfull login attempts allowing an attacker to brute force the password of an administrator or regular user. Proof of Concept Steps to reproduce Because Twake does not rate limit authentication attempts an attacker could either bruteforce both the login and...
CVE-2023-0028
Cross-site Scripting XSS - Stored in GitHub repository linagora/twake prior to 2023.Q1.1200+...
Cross site scripting
Cross-site Scripting XSS - Stored in GitHub repository linagora/twake prior to 2023.Q1.1200+...
CVE-2023-0028 Cross-site Scripting (XSS) - Stored in linagora/twake
Cross-site Scripting XSS - Stored in GitHub repository linagora/twake prior to 2023.Q1.1200+...
PT-2023-15957 · Linagora · Linagora/Twake
Name of the Vulnerable Software and Affected Versions: linagora/twake versions prior to 2023.Q1.1200+ Description: The issue is related to Cross-site Scripting XSS - Stored, which occurs when an application stores user input and later displays it without proper validation, allowing attackers to...
Twake 跨站脚本漏洞
Twake is a secure open source collaboration platform open sourced by LINAGORA that improves organizational productivity. Twake suffers from a cross-site scripting vulnerability that originates from the presence of XSS in the integration URL in linagora/twake, which allows javascript to be execute...
CVE-2023-0028 Cross-site Scripting (XSS) - Stored in linagora/twake
Cross-site Scripting XSS - Stored in GitHub repository linagora/twake prior to 2023.Q1.1200+...
CVE-2023-0028
The CVE-2023-0028 entry corresponds to a stored Cross-site Scripting (XSS) vulnerability in the linagora/twake repository, where injected scripts can execute when a user clicks an integration URL. Affected component: the integration URL handling in Twake prior to 2023.Q1.1200+. Root cause: unvali...
CVE-2023-0028 Cross-site Scripting (XSS) - Stored in linagora/twake
Cross-site Scripting XSS - Stored in GitHub repository linagora/twake prior to 2023.Q1.1200+...