CVE-2023-2531
CRITICAL9.8EPSS 0.37%AzuraCast missing brute force prevention
Published: 5/5/2023Modified: 2/16/2024
Also known as:GHSA-4m7v-wr6v-2mw5
Description
The request rate limiting feature on the login page of AzuraCast before version 0.18.3 can be bypassed, which could allow an attacker to brute force login credentials.
Affected packages (1)
- Packagist/azuracast/azuracastfrom 0, < 0.18.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |