Lucene search
Veracode Vulnerability DatabaseVERACODE:39374HistoryFeb 22, 2023 - 1:38 a.m.
Denial Of Service (DoS)
2023-02-2201:38:32
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
denial of service
vulnerability
rate limits
application crash
password reset
email addresses
kiwi software
EPSS
0.001
Percentile
51.3%
kiwitcms is vulnerable to Denial Of Service (DoS). The vulnerability exists because the library does not impose rate limits in forms.py, allowing an attacker to cause an application crash through the password reset page by sending a large number of emails if they know the user email addresses in Kiwi.
References
github.com/kiwitcms/Kiwi/commit/761305d04f5910ba14cc04d1255a8f1afdbb87f3
github.com/kiwitcms/Kiwi/pull/3068
github.com/kiwitcms/Kiwi/security/advisories/GHSA-7j9h-3jxf-3vrf
huntr.dev/bounties/3b712cb6-3fa3-4f71-8562-7a7016c6262e
huntr.dev/bounties/3b712cb6-3fa3-4f71-8562-7a7016c6262e/
kiwitcms.org/blog/kiwi-tcms-team/2023/02/15/kiwi-tcms-120/
Related
github
github
Denial of service vulnerability on Password reset page
2023-02-15 18:10:38
osv
osv
Denial of service vulnerability on Password reset page
2023-02-15 18:10:38
CVE-2023-25171
2023-02-15 15:15:11
cve
cve
CVE-2023-25171
2023-02-15 15:15:11
nvd
nvd
CVE-2023-25171
2023-02-15 15:15:11
prion
prion
Code injection
2023-02-15 15:15:00
cvelist
cvelist