How severe is CVE-2022-39314?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.8 out of 10.

What type of vulnerability is CVE-2022-39314?

This is classified as CWE-307, which is a common weakness in software security.

CVE-2022-39314 - MEDIUM Severity | CVSS 4.8

Vulnerability Description

Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, Kirby is subject to user enumeration due to Improper Restriction of Excessive Authentication Attempts. This vulnerability affects you only if you are using the `code` or `password-reset` auth method with the `auth.methods` option or if you have enabled the `debug` option in production. By using two or more IP addresses and multiple login attempts, valid user accounts will lock, but invalid accounts will not, leading to account enumeration. This issue has been patched in versions 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1. If you cannot update immediately, you can work around the issue by setting the `auth.methods` option to `password`, which disables the code-based login and password reset forms.

Related Vulnerabilities

CVE-2024-51720

MEDIUM

CVSS:4.8(Medium)

An insufficient entropy vulnerability in the SecuSUITE Secure Client Authentication (SCA) Server of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially enroll an attacker-con...

CWE-3072024

CVE-2025-3129

MEDIUM

CVSS:4.8(Medium)

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force.This issue affects Access code: from 0.0.0 before 2.0.4.

CWE-3072025

CVE-2019-5217

MEDIUM

CVSS:4.6(Medium)

There is an information disclosure vulnerability on Mate 9 Pro Huawei smartphones versions earlier than LON-AL00B9.0.1.150 (C00E61R1P8T8). An attacker could view the photos after a series of operation...

CWE-3072019

CVE-2019-5309

MEDIUM

CVSS:4.6(Medium)

Honor play smartphones with versions earlier than 9.1.0.333(C00E333R1P1T8) have an information disclosure vulnerability in certain Huawei . An attacker could view certain information after a series of...

CWE-3072019

CVE-2022-25820

MEDIUM

CVSS:4.6(Medium)

A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password.

CWE-3072022

CVE-2022-28386

MEDIUM

CVSS:4.6(Medium)

An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for lockout (e.g., requiring a reformat of the drive after 20 failed unlock attempts) does not work as speci...

CWE-3072022