Home > Vulnerability Database > CVE-2023-46745

Mend.io Vulnerability Database

CVE-2023-46745

Good to know:

Date: November 17, 2023

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions the login method has no rate limit. An attacker may be able to leverage this vulnerability to gain access to user accounts. This issue has been addressed in version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: PHP

Severity Score

5.3

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-46745

Url: https://github.com/librenms/librenms/releases/tag/23.11.0

Url: https://github.com/librenms/librenms/commit/7c006e96251ae1d32e1a015b361a7bfbb815c028

Url: https://github.com/librenms/librenms/security/advisories/GHSA-rq42-58qf-v3qx

Url: https://github.com/librenms/librenms

Url: https://github.com/librenms/librenms/pull/15558

Url: https://www.mend.io/vulnerability-database/CVE-2023-46745

Severity Score

5.3

Weakness Type (CWE)

Improper Restriction of Excessive Authentication Attempts

CWE-307

Allocation of Resources Without Limits or Throttling

CWE-770

Top Fix

Upgrade Version

Upgrade to version 23.11.0

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-46745

Good to know:

Date: November 17, 2023

Language: PHP

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?