{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-39917", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-07-02T19:37:18.602Z", "datePublished": "2024-07-12T15:24:01.307Z", "dateUpdated": "2024-08-02T04:33:11.745Z"}, "containers": {"cna": {"title": "xrdp allows an ininite number of login attempts", "problemTypes": [{"descriptions": [{"cweId": "CWE-307", "lang": "en", "description": "CWE-307: Improper Restriction of Excessive Authentication Attempts", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7w22-h4w7-8j5j", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7w22-h4w7-8j5j"}, {"name": "https://github.com/neutrinolabs/xrdp/commit/19c111c74c913ecc6e4ba9a738ed929a79d2ae8f", "tags": ["x_refsource_MISC"], "url": "https://github.com/neutrinolabs/xrdp/commit/19c111c74c913ecc6e4ba9a738ed929a79d2ae8f"}], "affected": [{"vendor": "neutrinolabs", "product": "xrdp", "versions": [{"version": "<= 0.10.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-07-12T15:24:01.307Z"}, "descriptions": [{"lang": "en", "value": "xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be  limited by a configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts. "}], "source": {"advisory": "GHSA-7w22-h4w7-8j5j", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "neutrinolabs", "product": "xrdp", "cpes": ["cpe:2.3:a:neutrinolabs:xrdp:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "0.10.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-12T15:43:14.463299Z", "id": "CVE-2024-39917", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-12T15:45:05.246Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:33:11.745Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7w22-h4w7-8j5j", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7w22-h4w7-8j5j"}, {"name": "https://github.com/neutrinolabs/xrdp/commit/19c111c74c913ecc6e4ba9a738ed929a79d2ae8f", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/neutrinolabs/xrdp/commit/19c111c74c913ecc6e4ba9a738ed929a79d2ae8f"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7w22-h4w7-8j5j", "name": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7w22-h4w7-8j5j", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/neutrinolabs/xrdp/commit/19c111c74c913ecc6e4ba9a738ed929a79d2ae8f", "name": "https://github.com/neutrinolabs/xrdp/commit/19c111c74c913ecc6e4ba9a738ed929a79d2ae8f", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:33:11.745Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39917", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-12T15:43:14.463299Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:neutrinolabs:xrdp:*:*:*:*:*:*:*:*"], "vendor": "neutrinolabs", "product": "xrdp", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "0.10.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-12T15:45:00.904Z"}}], "cna": {"title": "xrdp allows an ininite number of login attempts", "source": {"advisory": "GHSA-7w22-h4w7-8j5j", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "neutrinolabs", "product": "xrdp", "versions": [{"status": "affected", "version": "<= 0.10.0"}]}], "references": [{"url": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7w22-h4w7-8j5j", "name": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7w22-h4w7-8j5j", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/neutrinolabs/xrdp/commit/19c111c74c913ecc6e4ba9a738ed929a79d2ae8f", "name": "https://github.com/neutrinolabs/xrdp/commit/19c111c74c913ecc6e4ba9a738ed929a79d2ae8f", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be  limited by a configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts. "}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-307", "description": "CWE-307: Improper Restriction of Excessive Authentication Attempts"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-07-12T15:24:01.307Z"}}}, "cveMetadata": {"cveId": "CVE-2024-39917", "state": "PUBLISHED", "dateUpdated": "2024-08-02T04:33:11.745Z", "dateReserved": "2024-07-02T19:37:18.602Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-07-12T15:24:01.307Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:neutrinolabs:xrdp:*:*:*:*:*:*:*:*", "matchCriteriaId": "86B81D51-A16A-41F1-8DD4-AA5BCDBC72BB", "versionEndExcluding": "0.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The number of max login attempts is supposed to be  limited by a configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this mechanism was not effectively working. As a result, xrdp allows an infinite number of login attempts. "}, {"lang": "es", "value": "xrdp es un servidor RDP de c\u00f3digo abierto. Las versiones de xrdp anteriores a la 0.10.0 tienen una vulnerabilidad que permite a los atacantes realizar una cantidad infinita de intentos de inicio de sesi\u00f3n. Se supone que el n\u00famero m\u00e1ximo de intentos de inicio de sesi\u00f3n est\u00e1 limitado por un par\u00e1metro de configuraci\u00f3n `MaxLoginRetry` en `/etc/xrdp/sesman.ini`. Sin embargo, este mecanismo no estaba funcionando eficazmente. Como resultado, xrdp permite una cantidad infinita de intentos de inicio de sesi\u00f3n."}], "id": "CVE-2024-39917", "lastModified": "2024-11-21T09:28:33.763", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-12T16:15:04.620", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/neutrinolabs/xrdp/commit/19c111c74c913ecc6e4ba9a738ed929a79d2ae8f"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7w22-h4w7-8j5j"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/neutrinolabs/xrdp/commit/19c111c74c913ecc6e4ba9a738ed929a79d2ae8f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-7w22-h4w7-8j5j"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-307"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-307"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}