Количество 2
Количество 2
CVE-2021-3311
An issue was discovered in October through build 471. It reactivates an old session ID (which had been invalid after a logout) once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an attacker.
GHSA-7ggw-h8pp-r95r
October CMS Session ID not invalidated after logout
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-3311 An issue was discovered in October through build 471. It reactivates an old session ID (which had been invalid after a logout) once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an attacker. | CVSS3: 9.8 | 2% Низкий | около 5 лет назад |
| GHSA-7ggw-h8pp-r95r October CMS Session ID not invalidated after logout | CVSS3: 9.8 | 2% Низкий | почти 5 лет назад |
Уязвимостей на страницу