CVE Vulnerability

CVE-2022-35925

BookWyrm is a social network for tracking reading. Versions prior to 0.4.5 were found to lack rate limiting on authentication views which allows brute-force attacks. This issue has been patched in version 0.4.5. Admins with existing instances will need to update their `nginx.conf` file that was created when the instance was set up. Users are advised advised to upgrade. Users unable to upgrade may update their nginx.conf files with the changes manually.

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.github.com/bookwyrm-social/bookwyrm/commit/7bbe42fb30a79a26115524d18b697d895563c92f Patch Third Party Advisory
https://github.com/bookwyrm-social/bookwyrm/security/advisories/GHSA-jvp3-mqv8-5rjw Third Party Advisory
https://huntr.dev/bounties/ebee593d-3fd0-4985-bf5e-7e7927e08bf6/ Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:joinbookwyrm:bookwyrm:*:*:*:*:*:*:*:*
Information

Published : 2022-08-02 09:15

Updated : 2022-08-08 07:52

NVD link : CVE-2022-35925

Mitre link : CVE-2022-35925

Products Affected
No products.
CWE
CWE-287