Vulnerability Description
BookWyrm is a social network for tracking reading. Versions prior to 0.4.5 were found to lack rate limiting on authentication views which allows brute-force attacks. This issue has been patched in version 0.4.5. Admins with existing instances will need to update their `nginx.conf` file that was created when the instance was set up. Users are advised advised to upgrade. Users unable to upgrade may update their nginx.conf files with the changes manually.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Joinbookwyrm | Bookwyrm | < 0.4.5 |
Related Weaknesses (CWE)
References
- https://github.com/bookwyrm-social/bookwyrm/security/advisories/GHSA-jvp3-mqv8-5Third Party Advisory
- https://huntr.dev/bounties/ebee593d-3fd0-4985-bf5e-7e7927e08bf6/ExploitThird Party Advisory
- https://www.github.com/bookwyrm-social/bookwyrm/commit/7bbe42fb30a79a26115524d18PatchThird Party Advisory
- https://github.com/bookwyrm-social/bookwyrm/security/advisories/GHSA-jvp3-mqv8-5Third Party Advisory
- https://huntr.dev/bounties/ebee593d-3fd0-4985-bf5e-7e7927e08bf6/ExploitThird Party Advisory
- https://www.github.com/bookwyrm-social/bookwyrm/commit/7bbe42fb30a79a26115524d18PatchThird Party Advisory
FAQ
What is CVE-2022-35925?
CVE-2022-35925 is a vulnerability with a CVSS score of 5.3 (MEDIUM). BookWyrm is a social network for tracking reading. Versions prior to 0.4.5 were found to lack rate limiting on authentication views which allows brute-force attacks. This issue has been patched in ver...
How severe is CVE-2022-35925?
CVE-2022-35925 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-35925?
Check the references section above for vendor advisories and patch information. Affected products include: Joinbookwyrm Bookwyrm.