Description
Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user.
References
- Third Party Advisory, VDB Entry
- Vendor Advisory
- Issue Tracking, Patch, Vendor Advisory
- Patch, Third Party Advisory
Vulnerable configurations
EPSS
- CVSS3: 4.2 Medium
- CVSS3: 8.1 High
- CVSS2: 6.8 Medium
Weaknesses
Related vulnerabilities