GHSA-4m7v-wr6v-2mw5

Source

https://github.com/advisories/GHSA-4m7v-wr6v-2mw5

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-4m7v-wr6v-2mw5/GHSA-4m7v-wr6v-2mw5.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-4m7v-wr6v-2mw5

Aliases

CVE-2023-2531

Published

2023-05-05T03:30:22Z

Modified

2024-02-16T08:02:33.996728Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

AzuraCast missing brute force prevention

Details

The request rate limiting feature on the login page of AzuraCast before version 0.18.3 can be bypassed, which could allow an attacker to brute force login credentials.

Database specific

{
    "github_reviewed_at": "2023-05-05T22:33:46Z",
    "cwe_ids": [
        "CWE-307"
    ],
    "nvd_published_at": "2023-05-05T01:15:08Z",
    "severity": "CRITICAL",
    "github_reviewed": true
}

References

Affected packages

Packagist / azuracast/azuracast

Package

Name: azuracast/azuracast
Purl: pkg:composer/azuracast/azuracast

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.18.3

Affected versions

0.*

0.3.1

0.3.2

0.3.3

0.5.0

0.6.0

0.8.0

0.9.0

0.9.1

0.9.2

0.9.3

0.9.4

0.9.4.1

0.9.4.2

0.9.5

0.9.5.1

0.9.6

0.9.6.1

0.9.6.2

0.9.6.5

0.9.7

0.9.7.1

0.9.8

0.9.8.1

0.9.9

0.10.0

0.10.1

0.10.2

0.10.3

0.10.4

0.11

0.11.1

0.11.2

0.12

0.12.1

0.12.2

0.12.3

0.12.4

0.13.0

0.14.0

0.14.1

0.15.0

0.15.1

0.15.2

0.16.0

0.16.1

0.17.0

0.17.1

0.17.2

0.17.3

0.17.4

0.17.5

0.17.6

0.17.7

0.18.0

0.18.1

0.18.2