CVE-2023-23755Improper Restriction of Excessive Authentication Attempts in Joomla !

CWE-307Improper Restriction of Excessive Authentication Attempts3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.0%
top 99.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Joomla !Joomla! Project Joomla! CMS
Timeline
PublishedMay 30

Description

An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDjoomla/joomla_!4.2.04.3.2
CVEListV5joomla!_project/joomla!_cms4.2.0-4.3.1

🔴Vulnerability Details

2
GHSA
GHSA-6v7h-6fvv-974m: An issue was discovered in Joomla! 42023-05-30
CVEList
[20230502] - Core - Bruteforce prevention within the mfa screen2023-05-30
CVE-2023-23755 — Joomla ! vulnerability | cvebase