CVE-2019-15929

Published October 24th, 2019

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

MEDIUM

Affected

PROJECT

Description

In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.

craftcms/cms

Build bespoke content experiences with Craft.

GitHub

3.58K