CVE-2024-4596

Опубликовано: 07 мая 2024

Источник: nvd

CVSS3: 3.7

CVSS3: 6.5

CVSS2: 2.6

EPSS Низкий

Описание

A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.16.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-263318 is the identifier assigned to this vulnerability.

Ссылки

https://github.com/kimai/kimai/releases/tag/2.16.0
Release Notes
https://vuldb.com/?ctiid.263318
Permissions Required
VDB Entry
https://vuldb.com/?id.263318
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.328639
Third Party Advisory
VDB Entry
https://github.com/kimai/kimai/releases/tag/2.16.0
Release Notes
https://vuldb.com/?ctiid.263318
Permissions Required
VDB Entry
https://vuldb.com/?id.263318
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.328639
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kimai:kimai:*:*:*:*:*:*:*:*

Версия до 2.16.0 (исключая)

EPSS

Процентиль: 48%

0.00255

Низкий

3.7 Low

CVSS3

6.5 Medium

CVSS3

2.6 Low

CVSS2

Дефекты

CWE-200

NVD-CWE-noinfo

Связанные уязвимости

GHSA-6f3v-2r2j-2rpr

CVSS3: 3.7

github

почти 2 года назад

Kimai information disclosure vulnerability

EPSS

Процентиль: 48%

0.00255

Низкий

3.7 Low

CVSS3

6.5 Medium

CVSS3

2.6 Low

CVSS2

Дефекты

CWE-200

NVD-CWE-noinfo