CVE-2021-37866

Опубликовано: 18 янв. 2022

Источник: nvd

CVSS3: 4.7

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a session on the server-side when a user logged out of Boards, which allows an attacker to reuse old session token for authorization.

Ссылки

https://mattermost.com/security-updates/
Vendor Advisory
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-37866
Exploit
Third Party Advisory
https://mattermost.com/security-updates/
Vendor Advisory
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-37866
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mattermost:mattermost_boards:*:*:*:*:*:*:*:*

Версия до 0.10.0 (включая)

EPSS

Процентиль: 41%

0.0019

Низкий

4.7 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-613

Связанные уязвимости

GHSA-g28x-633f-r8qf

github

около 4 лет назад

Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a session on the server-side when a user logged out of Boards, which allows an attacker to reuse old session token for authorization.

EPSS

Процентиль: 41%

0.0019

Низкий

4.7 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-613