{"id":"CVE-2022-2166","summary":"Improper Restriction of Excessive Authentication Attempts in mastodon/mastodon","details":"Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon prior to 4.0.0.","aliases":["BIT-mastodon-2022-2166"],"modified":"2026-04-10T04:43:59.652879Z","published":"2022-11-16T00:00:00Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/2xxx/CVE-2022-2166.json","cwe_ids":["CWE-307"],"cna_assigner":"@huntrdev"},"references":[{"type":"WEB","url":"https://huntr.dev/bounties/2f96f990-01c2-44ea-ae47-58bdb3aa455b"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/2xxx/CVE-2022-2166.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2166"},{"type":"FIX","url":"https://github.com/mastodon/mastodon/commit/21fd25a269cca742af431f0d13299e139f267346"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mastodon/mastodon","events":[{"introduced":"0"},{"fixed":"fb389bd73c8a4bc2924496f6041c8eee27572d21"}]}],"versions":["v0.1.0","v0.1.1","v0.1.2","v0.6","v0.7","v0.8","v0.9","v0.9.9","v1.0","v1.1","v1.1.1","v1.1.2","v1.2","v1.2.1","v1.2.2","v1.3","v1.3.1","v1.3.2","v1.4.1","v1.4.2","v1.4.3","v1.4.4","v1.4.5","v1.4.6","v1.4.7","v1.4rc1","v1.4rc2","v1.4rc3","v1.4rc4","v1.4rc5","v1.4rc6","v1.5.0","v1.5.0rc1","v1.5.0rc2","v1.5.0rc3","v1.5.1","v1.6.0","v1.6.0rc1","v1.6.0rc2","v1.6.0rc3","v1.6.0rc4","v1.6.0rc5","v1.6.1","v2.0.0","v2.0.0rc1","v2.0.0rc2","v2.0.0rc3","v2.0.0rc4","v2.1.0","v2.1.0rc1","v2.1.0rc2","v2.1.0rc3","v2.1.0rc4","v2.1.0rc5","v2.1.0rc6","v2.1.1","v2.1.2","v2.1.3","v2.2.0","v2.2.0rc1","v2.2.0rc2","v2.3.0","v2.3.0rc1","v2.3.0rc2","v2.3.0rc3","v2.3.1","v2.3.1rc1","v2.3.1rc2","v2.3.1rc3","v2.3.2","v2.3.2rc1","v2.3.2rc2","v2.3.2rc3","v2.3.2rc4","v2.3.2rc5","v2.4.0","v2.4.0rc1","v2.4.0rc2","v2.4.0rc3","v2.4.0rc4","v2.4.0rc5","v2.4.1","v2.4.1rc1","v2.4.1rc2","v2.4.1rc3","v2.4.1rc4","v2.4.2","v2.4.2rc1","v2.4.2rc2","v2.4.2rc3","v2.4.3","v2.4.3rc1","v2.4.3rc2","v2.4.3rc3","v2.5.0","v2.5.0rc1","v2.5.0rc2","v2.6.0","v2.6.0rc1","v2.6.0rc2","v2.6.0rc3","v2.6.0rc4","v2.6.1","v2.7.0","v2.7.0rc1","v2.7.0rc2","v2.7.0rc3","v2.7.1","v2.8.0","v2.8.0rc1","v2.8.0rc2","v2.8.0rc3","v2.8.1","v2.8.2","v2.9.0","v2.9.0rc1","v2.9.0rc2","v2.9.1","v2.9.2","v3.0.0","v3.0.0rc1","v3.0.0rc2","v3.0.0rc3","v3.0.1","v3.1.0","v3.1.0rc1","v3.1.0rc2","v3.1.1","v3.1.2","v3.1.3","v3.1.4","v3.2.0","v3.2.0rc1","v3.2.0rc2","v3.3.0","v3.3.0rc1","v3.3.0rc2","v3.3.0rc3","v3.4.0","v3.4.0rc1","v3.4.0rc2","v3.4.1","v3.5.0","v3.5.0rc1","v3.5.0rc2","v3.5.0rc3","v3.5.1","v3.5.2","v3.5.3","v4.0.0rc1","v4.0.0rc2","v4.0.0rc3","v4.0.0rc4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2166.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/tootsuite/mastodon","events":[{"introduced":"0"},{"last_affected":"696f7b360882e71ff45b6ddafc8eea17184a0f31"},{"introduced":"0"},{"last_affected":"58fc889c6fe697da4f880cb43e75d97d3a604d79"},{"introduced":"0"},{"last_affected":"5187e4e758b0636432d984d1a95a310cac536205"},{"introduced":"0"},{"last_affected":"5e796dc6f85b37c8378fe01cfd8ac23222c89eea"},{"introduced":"0"},{"last_affected":"75299a042c8ead006a059fe13abf790580252660"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.5.5"},{"introduced":"0"},{"last_affected":"4.0.0-rc1"},{"introduced":"0"},{"last_affected":"4.0.0-rc2"},{"introduced":"0"},{"last_affected":"4.0.0-rc3"},{"introduced":"0"},{"last_affected":"4.0.0-rc4"}]}}],"versions":["v0.1.0","v0.1.1","v0.1.2","v0.6","v0.7","v0.8","v0.9","v0.9.9","v1.0","v1.1","v1.1.1","v1.1.2","v1.2","v1.2.1","v1.2.2","v1.3","v1.3.1","v1.3.2","v1.4.1","v1.4.2","v1.4.3","v1.4.4","v1.4.5","v1.4.6","v1.4.7","v1.4rc1","v1.4rc2","v1.4rc3","v1.4rc4","v1.4rc5","v1.4rc6","v1.5.0","v1.5.0rc1","v1.5.0rc2","v1.5.0rc3","v1.5.1","v1.6.0","v1.6.0rc1","v1.6.0rc2","v1.6.0rc3","v1.6.0rc4","v1.6.0rc5","v1.6.1","v2.0.0","v2.0.0rc1","v2.0.0rc2","v2.0.0rc3","v2.0.0rc4","v2.1.0","v2.1.0rc1","v2.1.0rc2","v2.1.0rc3","v2.1.0rc4","v2.1.0rc5","v2.1.0rc6","v2.1.1","v2.1.2","v2.1.3","v2.2.0","v2.2.0rc1","v2.2.0rc2","v2.3.0","v2.3.0rc1","v2.3.0rc2","v2.3.0rc3","v2.3.1","v2.3.1rc1","v2.3.1rc2","v2.3.1rc3","v2.3.2","v2.3.2rc1","v2.3.2rc2","v2.3.2rc3","v2.3.2rc4","v2.3.2rc5","v2.4.0","v2.4.0rc1","v2.4.0rc2","v2.4.0rc3","v2.4.0rc4","v2.4.0rc5","v2.4.1","v2.4.1rc1","v2.4.1rc2","v2.4.1rc3","v2.4.1rc4","v2.4.2","v2.4.2rc1","v2.4.2rc2","v2.4.2rc3","v2.4.3","v2.4.3rc1","v2.4.3rc2","v2.4.3rc3","v2.5.0","v2.5.0rc1","v2.5.0rc2","v2.6.0","v2.6.0rc1","v2.6.0rc2","v2.6.0rc3","v2.6.0rc4","v2.6.1","v2.7.0","v2.7.0rc1","v2.7.0rc2","v2.7.0rc3","v2.7.1","v2.8.0","v2.8.0rc1","v2.8.0rc2","v2.8.0rc3","v2.8.1","v2.8.2","v2.9.0","v2.9.0rc1","v2.9.0rc2","v2.9.1","v2.9.2","v3.0.0","v3.0.0rc1","v3.0.0rc2","v3.0.0rc3","v3.0.1","v3.1.0","v3.1.0rc1","v3.1.0rc2","v3.1.1","v3.1.2","v3.1.3","v3.1.4","v3.2.0","v3.2.0rc1","v3.2.0rc2","v3.3.0","v3.3.0rc1","v3.3.0rc2","v3.3.0rc3","v3.4.0","v3.4.0rc1","v3.4.0rc2","v3.4.1","v3.5.0","v3.5.0rc1","v3.5.0rc2","v3.5.0rc3","v3.5.1","v3.5.2","v3.5.3","v3.5.4","v3.5.5","v4.0.0rc1","v4.0.0rc2","v4.0.0rc3","v4.0.0rc4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2166.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}