Описание
In “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an improper session termination after password change. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed.
Ссылки
- ExploitThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:orchardcore:orchard_core:1.0.0:-:*:*:*:*:*:*
cpe:2.3:a:orchardcore:orchard_core:1.0.0:beta1-3383:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.00299
Низкий
8.8 High
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-613
CWE-613
Связанные уязвимости
github
больше 3 лет назад
In “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an improper session termination after password change. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed.
EPSS
Процентиль: 53%
0.00299
Низкий
8.8 High
CVSS3
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-613
CWE-613