漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Kiwi TCMS has no protection against brute-force attacks on login page
Vulnerability Description
Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt brute-force attacks against the login page. Users should upgrade to v12.0 or later to receive a patch. As a workaround, users may install and configure a rate-limiting proxy in front of Kiwi TCMS.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
Kiwi TCMS 安全漏洞
Vulnerability Description
Kiwi TCMS是Kiwi TCMS开源的一个用于手动和自动测试的领先开源测试管理系统。 Kiwi TCMS 12.0 之前版本存在安全漏洞,该漏洞源于该系统没有速率限制,这使得对登录页面进行暴力攻击变得更加容易,如果攻击者知道 Kiwi TCMS 中用户的电子邮件地址,攻击者利用该漏洞发送大量电子邮件使 SMTP 资源紧张。
CVSS Information
N/A
Vulnerability Type
N/A