CVE-2022-35925

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-35925

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-35925.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-35925

Aliases

GHSA-jvp3-mqv8-5rjw

Published

2022-08-02T20:15:15Z

Modified

2026-04-10T04:49:09.779246Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

Missing rate limit in Authentication in bookwyrm

Details

BookWyrm is a social network for tracking reading. Versions prior to 0.4.5 were found to lack rate limiting on authentication views which allows brute-force attacks. This issue has been patched in version 0.4.5. Admins with existing instances will need to update their nginx.conf file that was created when the instance was set up. Users are advised advised to upgrade. Users unable to upgrade may update their nginx.conf files with the changes manually.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-287"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/35xxx/CVE-2022-35925.json"
}

References

Affected packages

Git / github.com/bookwyrm-social/bookwyrm

Affected ranges

Type: GIT
Repo: https://github.com/bookwyrm-social/bookwyrm
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

580745bee365b646de7be5b6ad13ad6818efcecc

Affected versions

0.*

0.4.2

v0.*

v0.3.0

v0.3.3

v0.3.4

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.4.4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-35925.json"