Windmill HTTP Request Handler Vulnerability: Unrestricted Authentication Attacks Possible
CVE-2024-8462
3.7 LOW
Key Information:
- Vendor
- Windmill
- Status
- Windmill
- Vendor
- CVE Published: 5 September 2024
Summary
A vulnerability classified as problematic has been identified in the Windmill application, affecting an unknown function of the HTTP Request Handler component in the backend. The flaw is an improper restriction of excessive authentication attempts, which attackers can potentially exploit remotely. Although the attack complexity is considered high, it poses significant risks to the security of user data. Affected users should upgrade to version 1.390.1, which contains a critical patch addressing this issue.
Affected Version(s)
Windmill 1.380.0
References
CVSS V3.1
Score: 3.7
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
DeepCove (VulDB User)