Vulnerabilities > CVE-2022-35925 - Improper Restriction of Excessive Authentication Attempts vulnerability in Joinbookwyrm Bookwyrm

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

joinbookwyrm

CWE-307

critical

NVD

Published: 2022-08-02

Updated: 2023-07-21

Summary

BookWyrm is a social network for tracking reading. Versions prior to 0.4.5 were found to lack rate limiting on authentication views which allows brute-force attacks. This issue has been patched in version 0.4.5. Admins with existing instances will need to update their `nginx.conf` file that was created when the instance was set up. Users are advised advised to upgrade. Users unable to upgrade may update their nginx.conf files with the changes manually.

Vulnerable Configurations

Part	Description	Count
Application	Joinbookwyrm Joinbookwyrm Bookwyrm - Joinbookwyrm Bookwyrm 0.0.1 Joinbookwyrm Bookwyrm 0.1.0 Joinbookwyrm Bookwyrm 0.1.1 Joinbookwyrm Bookwyrm 0.2.0 Joinbookwyrm Bookwyrm 0.2.1 Joinbookwyrm Bookwyrm 0.3.0 Joinbookwyrm Bookwyrm 0.3.1 Joinbookwyrm Bookwyrm 0.3.2 Joinbookwyrm Bookwyrm 0.3.3 Joinbookwyrm Bookwyrm 0.3.4 Joinbookwyrm Bookwyrm 0.4.0 Joinbookwyrm Bookwyrm 0.4.1 Joinbookwyrm Bookwyrm 0.4.2 Joinbookwyrm Bookwyrm 0.4.3 Joinbookwyrm Bookwyrm 0.4.4	16

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References