Описание
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session.
Ссылки
- Issue TrackingThird Party Advisory
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
Одно из
EPSS
5.6 Medium
CVSS3
4.4 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
Связанные уязвимости
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session.
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session.
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies ...
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session.
Уязвимость сервера FreeIPA, связанная с неверным сроком действия сеанса, позволяющая нарушителю получить доступ к сеансу
EPSS
5.6 Medium
CVSS3
4.4 Medium
CVSS3
2.1 Low
CVSS2