CVE-2021-25970

Опубликовано: 20 окт. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Camaleon CMS 0.1.7 to 2.6.0 doesn’t terminate the active session of the users, even after the admin changes the user’s password. A user that was already logged in, will still have access to the application even after the password was changed.

Ссылки

https://github.com/owen2345/camaleon-cms/commit/77e31bc6cdde7c951fba104aebcd5ebb3f02b030
Patch
Third Party Advisory
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25970
Third Party Advisory
https://github.com/owen2345/camaleon-cms/commit/77e31bc6cdde7c951fba104aebcd5ebb3f02b030
Patch
Third Party Advisory
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25970
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tuzitio:camaleon_cms:*:*:*:*:*:*:*:*

Версия от 0.1.7 (включая) до 2.6.0 (включая)

EPSS

Процентиль: 72%

0.00702

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-613

Связанные уязвимости

GHSA-438x-2p9v-g8h9