A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.
{
"unresolved_ranges": [
{
"source": "CPE_STRING",
"vendor_product": "opensuse:backports_sle",
"extracted_events": [
{
"introduced": "15.0-sp1"
},
{
"last_affected": "15.0-sp1"
},
{
"introduced": "15.0-sp2"
},
{
"last_affected": "15.0-sp2"
}
],
"cpes": [
"cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*",
"cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*"
]
},
{
"source": "CPE_STRING",
"vendor_product": "opensuse:leap",
"extracted_events": [
{
"introduced": "15.1"
},
{
"last_affected": "15.1"
},
{
"introduced": "15.2"
},
{
"last_affected": "15.2"
}
],
"cpes": [
"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*"
]
}
]
}