CVE-2020-18698: Lin-CMS-Flask vulnerable to Improper Authentication

May 24, 2022 (updated September 30, 2024)

Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the ’login’ function in the component app/api/cms/user.py.

References

cwe.mitre.org/data/definitions/307.html
github.com/TaleLin/lin-cms-flask
github.com/TaleLin/lin-cms-flask/issues/27
github.com/advisories/GHSA-h6r2-pgvx-683c
github.com/pypa/advisory-database/tree/main/vulns/lin-cms/PYSEC-2021-339.yaml
nvd.nist.gov/vuln/detail/CVE-2020-18698

Code Behaviors & Features

Detect and mitigate CVE-2020-18698 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →