GHSA-ph6g-6v8w-8p6m
Suggest an improvement- Source
- https://github.com/advisories/GHSA-ph6g-6v8w-8p6m
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-ph6g-6v8w-8p6m/GHSA-ph6g-6v8w-8p6m.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-ph6g-6v8w-8p6m
- Aliases
- Published
- 2023-04-28T15:30:19Z
- Modified
- 2025-01-30T21:57:39.117821Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- Missing rate limit for password resets
- Details
-
Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets.
- Database specific
{ "severity": "MODERATE", "github_reviewed": true, "nvd_published_at": "2023-04-28T14:15:10Z", "github_reviewed_at": "2023-05-01T14:00:32Z", "cwe_ids": [ "CWE-640" ] }- References
Affected packages
Packagist / concrete5/concrete5
Package
- Name
- concrete5/concrete5
- Purl
- pkg:composer/concrete5/concrete5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.1.0
Affected versions
8.*
8.0
8.0.1
8.0.2
8.0.3
8.1.0
8.2.0RC2
8.2.0
8.2.1
8.3.0
8.3.1
8.3.2
8.4.0RC3
8.4.0RC4
8.4.0
8.4.1
8.4.2
8.4.3
8.4.4
8.4.5
8.5.0RC1
8.5.0RC2
8.5.0
8.5.1
8.5.2
8.5.3
8.5.4
8.5.5
8.5.6RC1
8.5.6
8.5.7
8.5.8
8.5.9
8.5.10
8.5.11
8.5.12
8.5.13
8.5.14
8.5.15
8.5.16
8.5.17
8.5.18
8.5.19
9.*
9.0.0RC1
9.0.0RC3
9.0.0RC4
9.0.0
9.0.1
9.0.2