CVE-2022-0777
Published: 2022-03-01
CVE-2022-0777: Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3.
Priority: P3 | 37 | Severity: high | CVSS 3.1 base score: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 1.22% (64.9th percentile)
Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microweber | microweber | < 1.3 | 1.3 |
| microweber | microweber | >= 0 < 1.3 | 1.3 |
| microweber | microweber_microweber | >= unspecified < 1.3 | 1.3 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | 3.0 | 7.3 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
OSV (2022-03-02)
CVE-2022-0777 [HIGH] Rate limit missing in microweber
Microweber prior to version 1.3 does not rate limit password reset emails.
GHSA (2022-03-02)
CVE-2022-0777 [HIGH] CWE-640 Rate limit missing in microweber
Microweber prior to version 1.3 does not rate limit password reset emails.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://github.com/microweber/microweber/commit/a3944cf9d1d8c41a48297ddc98302934e2511b0f
https://huntr.dev/bounties/b36be8cd-544f-42bd-990d-aa1a46df44d7
Published: 2022-03-01