CVE Vulnerability

CVE-2022-2166

Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon prior to 4.0.0.

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://huntr.dev/bounties/2f96f990-01c2-44ea-ae47-58bdb3aa455b Third Party Advisory
https://github.com/mastodon/mastodon/commit/21fd25a269cca742af431f0d13299e139f267346 Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:joinmastodon:mastodon:4.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:joinmastodon:mastodon:4.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:joinmastodon:mastodon:4.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:joinmastodon:mastodon:4.0.0:rc4:*:*:*:*:*:*
cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*
Information

Published : 2022-11-16 01:15

Updated : 2022-11-17 05:00

NVD link : CVE-2022-2166

Mitre link : CVE-2022-2166

Products Affected
No products.
CWE
CWE-307

Improper Restriction of Excessive Authentication Attempts