GHSA-377j-wj38-4728

Source

https://github.com/advisories/GHSA-377j-wj38-4728

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-377j-wj38-4728/GHSA-377j-wj38-4728.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-377j-wj38-4728

Aliases

CVE-2025-58352

Published

2025-09-04T14:06:15Z

Modified

2025-09-05T17:00:31.536372Z

Severity

2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

Weblate has a long session expiry when verifying second factor

Details

Impact

The verification of the second factor had too long a session expiry. The long session expiry could be used to circumvent rate limiting of the second factor.

Patches

This issue has been addressed in Weblate 5.13.1 via https://github.com/WeblateOrg/weblate/pull/16002.

References

Thanks to Nahid Hasan Limon for reporting this issue responsibly.

Database specific

{
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-04T14:06:15Z",
    "severity": "LOW",
    "nvd_published_at": "2025-09-05T00:15:32Z",
    "cwe_ids": [
        "CWE-613"
    ]
}

References

Affected packages

PyPI / weblate

Package

Name: weblate; View open source insights on deps.dev
Purl: pkg:pypi/weblate

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.13.1

Affected versions

1.*

1.9

2.*

2.0

2.1

2.2

2.3

2.4

2.5

2.6

2.7

2.8

2.9

2.10

2.10.1

2.11

2.12

2.13

2.13.1

2.14

2.14.1

2.15

2.16

2.17

2.17.1

2.18

2.19

2.19.1

2.20

3.*

3.0

3.0.1

3.1

3.1.1

3.2

3.2.1

3.2.2

3.3

3.4

3.5

3.5.1

3.6

3.6.1

3.7

3.7.1

3.8

3.9

3.9.1

3.10

3.10.1

3.10.2

3.10.3

3.11

3.11.1

3.11.2

3.11.3

4.*

4.0

4.0.1

4.0.2

4.0.3

4.0.4

4.1

4.1.1

4.2

4.2.1

4.2.2

4.3

4.3.1

4.3.2

4.4

4.4.1

4.4.2

4.5

4.5.1

4.5.2

4.5.3

4.6

4.6.1

4.6.2

4.7

4.7.1

4.7.2

4.8

4.8.1

4.9

4.9.1

4.10

4.10.1

4.11

4.11.1

4.11.2

4.12

4.12.1

4.12.2

4.13

4.13.1

4.14

4.14.1

4.14.2

4.15

4.15.1

4.15.2

4.16

4.16.1

4.16.2

4.16.3

4.16.4

4.17

4.18

4.18.1

4.18.2

5.*

5.0

5.0.1

5.0.2

5.1

5.1.1

5.2

5.2.1

5.3

5.3.1

5.4

5.4.1

5.4.2

5.4.3

5.5

5.5.2

5.5.3

5.5.4

5.5.5

5.6

5.6.1

5.6.2

5.7

5.7.1

5.7.2

5.8.1

5.8.2

5.8.3

5.8.4

5.9.dev0

5.9.1

5.9.2

5.10

5.10.1

5.10.2

5.10.3

5.10.4

5.11

5.11.1

5.11.3

5.11.4

5.12.1

5.12.2

5.13

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-377j-wj38-4728/GHSA-377j-wj38-4728.json"