Описание
Cockpit before 2.2.0 vulnerable to Insufficient Session Expiration
Cockpit before version 2.2.0 is vulnerable to Insufficient Session Expiration. The application does not validate requests after password changes, allowing a user to change their account details even after an admin changes their password.
Пакеты
Наименование
aheinze/cockpit
composer
Затронутые версииВерсия исправления
< 2.2.0
2.2.0
Связанные уязвимости
CVSS3: 9.8
nvd
больше 3 лет назад
Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0.