Vulnerability in Getkirby Kirby

CVE-2022-39314

Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, Kirby is subject to user enumeration due to Improper Restriction of Excessive Authentication Attempts. This vulnerability affects you only if you are usin…

EPSS: 0.002 (42.6th percentile).

CVSS v3 metric

CVSS v3 base score 4.8 (Medium). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N.

Affected products

  • Getkirby Kirby — versions >= 3.5.0, < 3.5.8.2; >= 2.6.0, < 3.6.6.2; >= 3.7.0, < 3.7.5.1

Frequently asked questions

What is CVE-2022-39314?
CVE-2022-39314 is a medium-severity vulnerability in Getkirby Kirby, classified under Improper Restriction of Excessive Authentication Attempts. CVSS score: 4.8/10. Published 2022-10-24.

How severe is CVE-2022-39314?
Medium severity. CVSS v3 base score is 4.8 out of 10.