exploitDog

CVE-2020-23140

Опубликовано: 09 нояб. 2020

Источник: nvd

CVSS3: 8.1

CVSS2: 5.8

EPSS Низкий

Описание

Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active.

Ссылки

https://gist.github.com/virendratiwari03/bddafb3cd82dde8202bd056d340d3e36
Third Party Advisory
https://gist.github.com/virendratiwari03/bddafb3cd82dde8202bd056d340d3e36
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:microweber:microweber:1.1.18:*:*:*:*:*:*:*

EPSS

Процентиль: 50%

0.00271

Низкий

8.1 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-613

Связанные уязвимости

GHSA-53hq-pwc4-h68h

github

больше 3 лет назад

Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active.

EPSS

Процентиль: 50%

0.00271

Низкий

8.1 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-613