exploitDog

CVE-2025-28132

Опубликовано: 01 апр. 2025

Источник: nvd

CVSS3: 4.6

EPSS Низкий

Описание

A session management flaw in Nagios Network Analyzer 2024R1.0.3 allows an attacker to reuse session tokens even after a user logs out, leading to unauthorized access and account takeover. This occurs due to insufficient session expiration, where session tokens remain valid beyond logout, allowing an attacker to impersonate users and perform actions on their behalf.

Ссылки

https://github.com/harshal79/Insufficient-Session-Expiration.git
Third Party Advisory
https://www.nagios.com/changelog/#network-analyzer
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nagios:nagios_network_analyzer:2024:r1.0.3*:*:*:*:*:*:*

EPSS

Процентиль: 36%

0.00151

Низкий

4.6 Medium

CVSS3

Дефекты

CWE-613

Связанные уязвимости

GHSA-qrfj-w3wq-p623

CVSS3: 4.6

github

10 месяцев назад

A session management flaw in Nagios Network Analyzer 2024R1.0.3 allows an attacker to reuse session tokens even after a user logs out, leading to unauthorized access and account takeover. This occurs due to insufficient session expiration, where session tokens remain valid beyond logout, allowing an attacker to impersonate users and perform actions on their behalf.

EPSS

Процентиль: 36%

0.00151

Низкий

4.6 Medium

CVSS3

Дефекты

CWE-613