103 matches found
Remote Authentication Rate Limiting Bypass
github.com/windmill-labs/windmill is vulnerable to Remote Authentication Rate Limiting Bypass. The vulnerability is due to improper handling of authentication attempts, which fails to restrict excessive attempts, allowing an attacker to exploit excessive authentication attempts remotely, with a...
GO-2024-3118 Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill
Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill...
GHSA-G6Q4-W3J3-JFC4 Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill
A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is...
Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill
A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is...
CVE-2024-8462
A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is...
CVE-2024-8462 Windmill HTTP Request users.rs excessive authentication
A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is...
CVE-2024-8462
Windmill 1.380.0 is affected by CVE-2024-8462 in the HTTP Request Handler (backend/windmill-api/src/users.rs), leading to improper restriction of excessive authentication attempts. The vulnerability is exploitable remotely with high attack complexity and low reported impact; upgrading to version ...
WindMill security vulnerability
WindMill is a free and open source tool from the individual developer Lukasavicus. It is used to control job execution in Python. A security vulnerability exists in WindMill version 1.380.0 that stems from an improper restriction of excessive authentication attempts...
abstra (>=1.8.8 <=2.5.1), actionpi (>=1.1.4 <=1.2.0.dev22) +477 more potentially affected by CVE-2024-1681 via flask-cors (>=1.1.2 <=4.0.0)
flask-cors PYPI version =1.1.2, =1.8.8, =1.1.4, =0.0.1, =0.0.1, =0.0.4, =0.0.13, =0.0.1, =0.0.18, =1.0.2, =2.5.0, =2.5.0, =0.1.0b2696.post0.dev1, =0.1.8, =0.0.1, =1.0.2, =1.0.5 and more Source cves: CVE-2024-1681 Source advisory: OSV:PYSEC-2024-271...
windmill-lr.co.uk Cross Site Scripting vulnerability OBB-3880619
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-31519
The Lukasavicus/WindMill repository through 1.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
Path traversal
The Lukasavicus/WindMill repository through 1.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31519
The CVE-2022-31519 entry concerns the WindMill project by Lukasavicus (up to version 1.0 and earlier) where an unsafe use of Flask’s send_file enables absolute path traversal. Affected component: Flask-based file delivery in WindMill, leading to potential access to arbitrary files via path traver...
WindMill path traversal vulnerability
WindMill is a free open source tool from the individual developers at Lukasavicus. It is used to control job execution in Python. A security vulnerability exists in WindMill version 1.0 and earlier versions, which stems from an incorrect call to Flask's sendfile function that results in absolute...
windmill-farm-caravan-park.com Improper Access Control vulnerability OBB-2269051
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...