CVE-2022-2651
Published 2022-08-04

CVE-2022-2651: Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5.

Priority P2 67 · critical 9.8 (CVSS 3.1) · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit / EPSS: 11.38% (95.5th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bookwyrm-social | bookwyrm-social_bookwyrm | < 0.4.5 (no lower bound given) | 0.4.5 |
| joinbookwyrm | bookwyrm | < 0.4.5 | 0.4.5 |
Detection & IOCs (extracted from sources)
- Monitor for high-frequency repeated POST requests to the /confirm-email endpoint from a single source; that pattern is the signature of an OTP brute-force against email verification.
- Alert on account-creation events where the registering email matches an existing or victim-controlled address and is followed immediately by rapid OTP submissions to /confirm-email.
- The exploitable condition is the absence of rate limiting on /confirm-email; confirm it by observing many sequential OTP submissions from the same IP with no HTTP 429 responses in between.
- The vulnerability affects Bookwyrm versions up to and including 0.4.3; instances must be upgraded to 0.4.5 or later to remediate.
- The exploit relies entirely on the missing rate limit on the OTP confirmation endpoint; any deployment without rate-limit middleware on /confirm-email is vulnerable regardless of other controls.
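The detection items above describe a sliding-window count of POSTs to the OTP endpoint per source, plus a check for whether the server ever answered 429. The script below is an added example written for this page, not Bookwyrm code and not from any of the linked sources: it parses nginx/Apache "combined" access-log lines, flags any client that exceeds a threshold of POSTs to a path starting with /confirm-email inside a time window, and records whether that client was ever rate-limited. The log lines are constructed here for the demonstration; the exact path layout of the endpoint (a prefix match is used), the threshold and the window are assumptions to tune per deployment.

```python
"""Flag OTP brute-force attempts against an email-confirmation endpoint.

Added illustration for CVE-2022-2651 (missing rate limit on /confirm-email);
not part of the Bookwyrm project. Operates on web-server access logs.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Fields we need from a "combined" access-log line; the rest is ignored.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict with ip/ts/method/path/status, or None if the line does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "method": m["method"],
        "path": m["path"].split("?", 1)[0],   # drop query string before matching
        "status": int(m["status"]),
    }


def find_otp_bruteforce(lines, path_prefix="/confirm-email",
                        threshold=10, window=timedelta(seconds=60)):
    """Return {ip: stats} for every source whose POSTs to the OTP endpoint
    reach `threshold` within any `window`. stats["rate_limited"] is True only
    if at least one of those POSTs got an HTTP 429; False means the endpoint
    accepted every attempt, which is the condition this CVE depends on."""
    recent = defaultdict(deque)     # ip -> timestamps inside the sliding window
    peak = defaultdict(int)         # ip -> most requests seen in one window
    total = defaultdict(int)
    saw_429 = defaultdict(bool)
    for line in lines:              # access logs are assumed time-ordered
        ev = parse_line(line)
        if ev is None or ev["method"] != "POST" or not ev["path"].startswith(path_prefix):
            continue
        ip = ev["ip"]
        total[ip] += 1
        if ev["status"] == 429:
            saw_429[ip] = True
        q = recent[ip]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {
        ip: {"peak_per_window": peak[ip], "total": total[ip], "rate_limited": saw_429[ip]}
        for ip in peak if peak[ip] >= threshold
    }


# --- constructed sample data (not real traffic) ---------------------------
_BASE = datetime(2022, 8, 4, 12, 0, 0, tzinfo=timezone.utc)


def make_line(ip, seconds, status, path="/confirm-email"):
    """Build one constructed combined-format log line `seconds` after _BASE."""
    ts = (_BASE + timedelta(seconds=seconds)).strftime(TS_FMT)
    return f'{ip} - - [{ts}] "POST {path} HTTP/1.1" {status} 512 "-" "curl/7.68.0"'


# 10.0.0.5 cycles 40 OTP guesses in 40 seconds and is never told 429;
# 10.0.0.9 is a legitimate user submitting a single code.
SAMPLE_LINES = [make_line("10.0.0.5", i, 200) for i in range(40)]
SAMPLE_LINES.append(make_line("10.0.0.9", 45, 302))


if __name__ == "__main__":
    for ip, stats in find_otp_bruteforce(SAMPLE_LINES).items():
        print(f"{ip}: {stats}")
```

Run it against a real access log with `find_otp_bruteforce(open(path))`. If a flagged source shows `rate_limited: False`, the endpoint is not enforcing a limit and the instance should be treated as exploitable until it is upgraded to 0.4.5 or a limit is placed in front of it. The same sliding-window logic can be keyed on the target account rather than the source IP to catch distributed attempts against one victim.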
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
No detection rules found.
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/168423/Bookwyrm-0.4.3-Authentication-Bypass.html
- https://github.com/bookwyrm-social/bookwyrm/commit/7bbe42fb30a79a26115524d18b697d895563c92f
- https://huntr.dev/bounties/428eee94-f1a0-45d0-9e25-318641115550