CVE-2019-15929

In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.
Configurations

Configuration 1

cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*

Information

Published : 2019-10-24 04:15

Updated : 2019-10-30 01:52


NVD link : CVE-2019-15929

Mitre link : CVE-2019-15929

Products Affected
No products.
CWE
CWE-640

Weak Password Recovery Mechanism for Forgotten Password