Windmill HTTP Request Handler Vulnerability: Unrestricted Authentication Attacks Possible
CVE-2024-8462

3.7 LOW

Key Information:

Vendor: Windmill
Status
Windmill
Vendor
CVE Published: 5 September 2024

Summary

A vulnerability classified as problematic has been identified in the Windmill application, affecting an unknown function of the HTTP Request Handler component in the backend. The flaw is an improper restriction of excessive authentication attempts, potentially enabling attackers to exploit the system remotely. Although the complexity of the attack is considered high, it poses significant risks to the security of user data. Affected users should upgrade to version 1.390.1, which contains a critical patch addressing this issue.

Affected Version(s)

Windmill 1.380.0

CVSS V3.1

Score: 3.7
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

DeepCove (VulDB User)