CVE-2021-42948

Опубликовано: 16 сент. 2022

Источник: debian

EPSS Низкий

Описание

HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
hoteldruid	fixed	3.0.4-1		package
hoteldruid	no-dsa		bullseye	package
hoteldruid	no-dsa		buster	package
hoteldruid	no-dsa		stretch	package

EPSS

Процентиль: 40%

0.00185

Низкий

Связанные уязвимости

CVE-2021-42948

CVSS3: 3.7

ubuntu

больше 3 лет назад

HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's.

CVE-2021-42948

CVSS3: 3.7

nvd

больше 3 лет назад

HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's.

GHSA-q4wp-vrv8-q2xh

CVSS3: 3.7

github

больше 3 лет назад

HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's.

EPSS

Процентиль: 40%

0.00185

Низкий