CVE-2022-3993

Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3.

CVSS v3.0 9.8 CRITICAL

9.8^/10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://huntr.dev/bounties/bebd0cd6-18ec-469c-b6ca-19ffa9db0699	Exploit Patch Third Party Advisory
https://github.com/kareadita/kavita/commit/f8db37d3f9aa42d47e7c4f4ca839e892d3f97afb	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:kavitareader:kavita:*:*:*:*:*:*:*:*

History

07 Nov 2023, 03:52

Type	Values Removed	Values Added
Summary	~~Missing Authorization in GitHub repository kareadita/kavita prior to 0.6.0.3.~~	Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3.
CWE	~~CWE-862~~

29 Jun 2023, 09:15

Type	Values Removed	Values Added
Summary	~~Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3.~~	Missing Authorization in GitHub repository kareadita/kavita prior to 0.6.0.3.
CWE	~~CWE-307~~	CWE-862

27 Jun 2023, 19:27

Type	Values Removed	Values Added
CWE	~~CWE-287~~	CWE-307

Information

Published : 2022-11-14 18:15

Updated : 2023-11-07 03:52

NVD link : CVE-2022-3993

Mitre link : CVE-2022-3993

JSON object : View

Products Affected

kavitareader

kavita

CWE

No CWE.

9.8 /10