Описание
In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration. When a user’s password is changed by the administrator, the session isn’t invalidated, allowing a malicious user to still be logged in and perform arbitrary actions within the system.
Ссылки
- PatchThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.7.6 (включая) до 3.8.3 (включая)
cpe:2.3:a:arangodb:arangodb:*:*:*:*:*:*:*:*
EPSS
Процентиль: 50%
0.00274
Низкий
8.8 High
CVSS3
8 High
CVSS3
6 Medium
CVSS2
Дефекты
CWE-613
CWE-613
Связанные уязвимости
CVSS3: 8.8
debian
около 4 лет назад
In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insuffic ...
github
больше 3 лет назад
In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration. When a user’s password is changed by the administrator, the session isn’t invalidated, allowing a malicious user to still be logged in and perform arbitrary actions within the system.
EPSS
Процентиль: 50%
0.00274
Низкий
8.8 High
CVSS3
8 High
CVSS3
6 Medium
CVSS2
Дефекты
CWE-613
CWE-613