GHSA-mf79-f657-47ww

Опубликовано: 20 мар. 2022

Источник: github

Github: Прошло ревью

CVSS3: 8.2

Описание

Insufficient Session Expiration in Admidio

Admidio prior to version 4.1.9 is vulnerable to insufficient session expiration. In vulnerable versions, changing the password in one session does not terminate sessions logged in with the old password, which could lead to unauthorized actors maintaining access to an account.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2022-0991
https://github.com/Admidio/admidio/issues/1238
https://github.com/admidio/admidio/commit/e84e472ebe517e2ff5795c46dc10b5f49dc4d46a
https://github.com/Admidio/admidio/releases/tag/v4.1.9
https://huntr.dev/bounties/1c406a4e-15d0-4920-8495-731c48473ba4

Пакеты

Наименование

admidio/admidio

composer

Затронутые версииВерсия исправления

< 4.1.9

4.1.9

EPSS

Процентиль: 46%

0.00237

Низкий

8.2 High

CVSS3

CVE ID

CVE-2022-0991

Дефекты

CWE-613

Связанные уязвимости

CVE-2022-0991

CVSS3: 7.1

nvd

почти 4 года назад

Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9.

EPSS

Процентиль: 46%

0.00237

Низкий

8.2 High

CVSS3

CVE ID

CVE-2022-0991

Дефекты

CWE-613