Описание
Camaleon CMS Insufficient Session Expiration vulnerability
Camaleon CMS 0.1.7 through 2.6.0 doesn’t terminate the active session of the users, even after the admin changes the user’s password. A user that was already logged in, will still have access to the application even after the password was changed. Resolved in commit 77e31bc6cdde7c951fba104aebcd5ebb3f02b030 which is included in the 2.6.0.1 release.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-25970
- https://github.com/owen2345/camaleon-cms/commit/77e31bc6cdde7c951fba104aebcd5ebb3f02b030
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2021-25970.yml
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25970
Пакеты
Наименование
camaleon_cms
rubygems
Затронутые версииВерсия исправления
>= 0.1.7, < 2.6.0.1
2.6.0.1
Связанные уязвимости
CVSS3: 8.8
nvd
больше 4 лет назад
Camaleon CMS 0.1.7 to 2.6.0 doesn’t terminate the active session of the users, even after the admin changes the user’s password. A user that was already logged in, will still have access to the application even after the password was changed.