diff options
Diffstat (limited to 'old/preferred_providers/nc-sa-2020-033.json')
-rw-r--r-- | old/preferred_providers/nc-sa-2020-033.json | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/old/preferred_providers/nc-sa-2020-033.json b/old/preferred_providers/nc-sa-2020-033.json new file mode 100644 index 0000000..595765a --- /dev/null +++ b/old/preferred_providers/nc-sa-2020-033.json @@ -0,0 +1,31 @@ +{ + "Title": "Missing rate limit on signup page", + "Timestamp": 1596456000, + "Risk": 1, + "CVSS3": { + "score": 3.5, + "vector": "AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" + }, + "CWE": { + "id": 840, + "name": "Business Logic Errors" + }, + "HackerOne": 922470, + "Affected":[ + { + "Version":"1.8.0", + "CVE":"CVE-2020-8228", + "Operator":"<" + } + ], + "Description":"A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.", + "ActionTaken": "The error has been fixed.", + "Acknowledgment":[ + { + "Name": "Faeeq jalali", + "Mail": "faeeqjalali24@gmail.com", + "Reason": "Vulnerability discovery and disclosure." + } + ], + "Resolution": "It is recommended that the Preferred Providers app is upgraded to 1.8.0." +} |