CVE-2022-3993

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-3993
Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/kareadita/kavita/commit/f8db37d3f9aa42d47e7c4f4ca839e892d3f97afb Patch Third Party Advisory
https://huntr.dev/bounties/bebd0cd6-18ec-469c-b6ca-19ffa9db0699 Exploit Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:kavitareader:kavita:*:*:*:*:*:*:*:*
History

07 Nov 2023, 03:52

Type Values Removed Values Added
CWE CWE-862
Summary Missing Authorization in GitHub repository kareadita/kavita prior to 0.6.0.3. Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3.

29 Jun 2023, 09:15

Type Values Removed Values Added
CWE CWE-307 CWE-862
Summary Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3. Missing Authorization in GitHub repository kareadita/kavita prior to 0.6.0.3.

27 Jun 2023, 19:27

Type Values Removed Values Added
CWE CWE-287 CWE-307

17 Nov 2022, 22:14

Type Values Removed Values Added
CWE CWE-287
References (CONFIRM) https://huntr.dev/bounties/bebd0cd6-18ec-469c-b6ca-19ffa9db0699 - (CONFIRM) https://huntr.dev/bounties/bebd0cd6-18ec-469c-b6ca-19ffa9db0699 - Exploit, Patch, Third Party Advisory
References (MISC) https://github.com/kareadita/kavita/commit/f8db37d3f9aa42d47e7c4f4ca839e892d3f97afb - (MISC) https://github.com/kareadita/kavita/commit/f8db37d3f9aa42d47e7c4f4ca839e892d3f97afb - Patch, Third Party Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
First Time Kavitareader kavita
Kavitareader
CPE cpe:2.3:a:kavitareader:kavita:*:*:*:*:*:*:*:*

14 Nov 2022, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-11-14 18:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-3993

Mitre link : CVE-2022-3993

CVE.ORG link : CVE-2022-3993

JSON object : View

Products Affected

kavitareader

  • kavita
CWE
CWE-307

Improper Restriction of Excessive Authentication Attempts