CNNVD-202506-1928 Information

CNNVD ID

CNNVD-202506-1928

CVE-2025-47951

  • CNNVD Published: 2025-06-16

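Description (translated from Chinese)

Weblate is a copyleft, web-based continuous localization system for free software, open-sourced by Weblate. Versions of Weblate before 5.12 contain a security vulnerability caused by second-factor verification not being rate limited, which may lead to OTP guessing.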

Description (English)

Weblate is an open source, web-based continuous localization system for free software. Versions of Weblate before 5.12 contain a security vulnerability: second-factor verification was not rate limited, which could allow OTP guessing.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Weblate

Published

2025-06-16

Last Modified

2026-02-24

References

  • https://hackerone.com/reports/3150564
  • https://github.com/WeblateOrg/weblate/security/advisories/GHSA-57jg-m997-cx3q
  • https://github.com/WeblateOrg/weblate/pull/14918
  • https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.12.1
  • https://github.com/WeblateOrg/weblate/commit/f806293451248c5d95e45b3b507e9d158bc4f384
  • https://access.redhat.com/security/cve/cve-2025-47951

Patch

https://github.com/WeblateOrg/weblate/releases
