Описание
Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | DNE | |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/xenial | needs-triage | |
| esm-infra-legacy/trusty | DNE | |
| focal | ignored | end of standard support, was needs-triage |
| hirsute | DNE | |
| impish | DNE | |
| jammy | DNE |
Показывать по
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated.
Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon ...
Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated.
Уязвимость веб-приложения для управления проектами и задачами Redmine , связанная с неверным сроком действия сеанса, позволяющая нарушителю продолжать существующие сеансы пользователя после включения двухфакторной аутентификации
5 Medium
CVSS2
7.5 High
CVSS3