
103 matches found

Veracode
added 2024/09/09 4:58 a.m. | 8 views

Remote Authentication Rate Limiting Bypass

github.com/windmill-labs/windmill is vulnerable to Remote Authentication Rate Limiting Bypass. The vulnerability is due to improper handling of authentication attempts, which fails to restrict excessive attempts, allowing an attacker to exploit excessive authentication attempts remotely, with a...

CVSS 6.3 | AI score 6.9 | EPSS 0.00541
Exploits: 0 | References: 7 | Affected Software: 1

OSV
added 2024/09/06 8:43 p.m. | 20 views

GO-2024-3118 Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill

Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill...

CVSS 6.3 | AI score 4.2 | EPSS 0.00541
Exploits: 0 | References: 6

OSV
added 2024/09/05 3:33 p.m. | 12 views

GHSA-G6Q4-W3J3-JFC4 Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill

A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is...

CVSS 6.3 | AI score 4.2 | EPSS 0.00541
Exploits: 0 | References: 8

Github Security Blog
added 2024/09/05 3:33 p.m. | 30 views

Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill

A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is...

CVSS 6.3 | AI score 7.1 | EPSS 0.00541
Exploits: 0 | References: 8 | Affected Software: 1

NVD
added 2024/09/05 1:15 p.m. | 25 views

CVE-2024-8462

A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is...

CVSS 6.3 | EPSS 0.00541
Exploits: 0 | References: 5

OSV
added 2024/09/05 1:15 p.m. | 14 views

CVE-2024-8462

A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is...

CVSS 6.3 | AI score 7.1
Exploits: 0 | References: 5

Cvelist
added 2024/09/05 1:0 p.m. | 30 views

CVE-2024-8462 Windmill HTTP Request users.rs excessive authentication

A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is...

CVSS 6.3 | EPSS 0.00541
Exploits: 0 | References: 5

Vulnrichment
added 2024/09/05 1:0 p.m. | 26 views

CVE-2024-8462 Windmill HTTP Request users.rs excessive authentication

A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is...

CVSS 6.3 | AI score 7.2 | EPSS 0.00541
Exploits: 0 | References: 5

CVE
added 2024/09/05 1:0 p.m. | 89 views

CVE-2024-8462

Windmill 1.380.0 is affected by CVE-2024-8462 in the HTTP Request Handler (backend/windmill-api/src/users.rs), leading to improper restriction of excessive authentication attempts. The vulnerability is exploitable remotely with high attack complexity and low reported impact; upgrading to version ...

CVSS 6.3 | AI score 4.2 | EPSS 0.00541
Exploits: 0 | References: 5

CNNVD
added 2024/09/05 12:0 a.m. | 6 views

WindMill security vulnerability

WindMill is a free and open source tool from the individual developer Lukasavicus. It is used to control job execution in Python. A security vulnerability exists in WindMill version 1.380.0 that stems from an improper restriction of excessive authentication attempts...

CVSS 6.3 | AI score 4.9 | EPSS 0.00541
Exploits: 0 | References: 6

vulnersOsv
added 2024/04/19 8:15 p.m. | 5 views

abstra (>=1.8.8 <=2.5.1), actionpi (>=1.1.4 <=1.2.0.dev22) +477 more potentially affected by CVE-2024-1681 via flask-cors (>=1.1.2 <=4.0.0)

flask-cors PYPI version =1.1.2, =1.8.8, =1.1.4, =0.0.1, =0.0.1, =0.0.4, =0.0.13, =0.0.1, =0.0.18, =1.0.2, =2.5.0, =2.5.0, =0.1.0b2696.post0.dev1, =0.1.8, =0.0.1, =1.0.2, =1.0.5 and more Source cves: CVE-2024-1681 Source advisory: OSV:PYSEC-2024-271...

CVSS 5.3 | AI score 6.2 | EPSS 0.00574
Exploits: 1

Openbugbounty
added 2024/03/20 1:13 a.m. | 10 views

windmill-lr.co.uk Cross Site Scripting vulnerability OBB-3880619

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

ATTACKERKB
added 2022/07/11 1:15 a.m. | 2 views

CVE-2022-31519

The Lukasavicus/WindMill repository through 1.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVSS 9.3 | AI score 5.3 | EPSS 0.01118
Exploits: 1 | References: 2

NVD
added 2022/07/11 1:15 a.m. | 14 views

CVE-2022-31519

The Lukasavicus/WindMill repository through 1.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVSS 9.3 | EPSS 0.01118
Exploits: 1 | References: 1

OSV
added 2022/07/11 1:15 a.m. | 14 views

CVE-2022-31519

The Lukasavicus/WindMill repository through 1.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVSS 9.3 | AI score 6.9
Exploits: 0 | References: 1

Prion
added 2022/07/11 1:15 a.m. | 15 views

Path traversal

The Lukasavicus/WindMill repository through 1.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVSS 6.4 | AI score 9.3 | EPSS 0.01118
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2022/07/11 12:55 a.m. | 14 views

CVE-2022-31519

The Lukasavicus/WindMill repository through 1.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

AI score 9.5 | EPSS 0.01118
Exploits: 1 | References: 1

CVE
added 2022/07/11 12:55 a.m. | 63 views

CVE-2022-31519

The CVE-2022-31519 entry concerns the WindMill project by Lukasavicus (up to version 1.0 and earlier) where an unsafe use of Flask’s send_file enables absolute path traversal. Affected component: Flask-based file delivery in WindMill, leading to potential access to arbitrary files via path traver...

CVSS 9.3 | AI score 9.2 | EPSS 0.01118
Exploits: 1 | References: 1 | Affected Software: 1

CNNVD
added 2022/07/11 12:0 a.m. | 4 views

WindMill path traversal vulnerability

WindMill is a free open source tool from the individual developers at Lukasavicus. It is used to control job execution in Python. A security vulnerability exists in WindMill version 1.0 and earlier versions, which stems from an incorrect call to Flask's sendfile function that results in absolute...

CVSS 9.3 | AI score 8.4 | EPSS 0.01118
Exploits: 1 | References: 2

Openbugbounty
added 2021/11/14 4:46 a.m. | 11 views

windmill-farm-caravan-park.com Improper Access Control vulnerability OBB-2269051

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.6
Exploits: 0