Total
222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-1543 | 2023-03-21 | N/A | N/A | ||
Insufficient Session Expiration in GitHub repository answerdev/answer prior to 1.0.6. | |||||
CVE-2023-22591 | 1 Ibm | 2 Robotic Process Automation, Robotic Process Automation As A Service | 2023-03-18 | N/A | 3.2 LOW |
IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password reset. IBM X-Force ID: 243710. | |||||
CVE-2023-27891 | 1 Rami | 1 Pretix | 2023-03-14 | N/A | 7.5 HIGH |
rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1. | |||||
CVE-2023-23929 | 1 Vantage6 | 1 Vantage6 | 2023-03-10 | N/A | 8.8 HIGH |
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Currently, the refresh token is valid indefinitely. The refresh token should get a validity of 24-48 hours. A fix was released in version 3.8.0. | |||||
CVE-2022-48317 | 1 Tribe29 | 1 Checkmk | 2023-03-06 | N/A | 9.8 CRITICAL |
Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk <= 2.1.0p10 and Checkmk <= 2.0.0p28 allowing an attacker to use expired session tokens when communicating with the RestAPI. | |||||
CVE-2023-22771 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2023-03-03 | N/A | 2.4 LOW |
An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of the impacted account | |||||
CVE-2022-30699 | 2 Fedoraproject, Nlnetlabs | 2 Fedora, Unbound | 2023-02-22 | N/A | 6.5 MEDIUM |
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten. | |||||
CVE-2022-30698 | 2 Fedoraproject, Nlnetlabs | 2 Fedora, Unbound | 2023-02-22 | N/A | 6.5 MEDIUM |
NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information. | |||||
CVE-2023-25562 | 1 Datahub Project | 1 Datahub | 2023-02-21 | N/A | 9.8 CRITICAL |
DataHub is an open-source metadata platform. In versions of DataHub prior to 0.8.45 Session cookies are only cleared on new sign-in events and not on logout events. Any authentication checks using the `AuthUtils.hasValidSessionCookie()` method could be bypassed by using a cookie from a logged out session, as a result any logged out session cookie may be accepted as valid and therefore lead to an authentication bypass to the system. Users are advised to upgrade. There are no known workarounds for this issue. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-083. | |||||
CVE-2022-34392 | 1 Dell | 1 Supportassist For Home Pcs | 2023-02-21 | N/A | 5.5 MEDIUM |
SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration Vulnerability. An authenticated non-admin user can be able to obtain the refresh token and that leads to reuse the access token and fetch sensitive information. | |||||
CVE-2022-0996 | 2 Fedoraproject, Redhat | 3 Fedora, 389 Directory Server, Enterprise Linux | 2023-02-12 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication. | |||||
CVE-2022-41672 | 1 Apache | 1 Airflow | 2023-02-11 | N/A | 8.1 HIGH |
In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. | |||||
CVE-2023-23614 | 1 Pi-hole | 1 Web Interface | 2023-02-06 | N/A | 8.8 HIGH |
Pi-hole®'s Web interface (based off of AdminLTE) provides a central location to manage your Pi-hole. Versions 4.0 and above, prior to 5.18.3 are vulnerable to Insufficient Session Expiration. Improper use of admin WEBPASSWORD hash as "Remember me for 7 days" cookie value makes it possible for an attacker to "pass the hash" to login or reuse a theoretically expired "remember me" cookie. It also exposes the hash over the network and stores it unnecessarily in the browser. The cookie itself is set to expire after 7 days but its value will remain valid as long as the admin password doesn't change. If a cookie is leaked or compromised it could be used forever as long as the admin password is not changed. An attacker that obtained the password hash via an other attack vector (for example a path traversal vulnerability) could use it to login as the admin by setting the hash as the cookie value without the need to crack it to obtain the admin password (pass the hash). The hash is exposed over the network and in the browser where the cookie is transmitted and stored. This issue is patched in version 5.18.3. | |||||
CVE-2021-46279 | 1 Lannerinc | 2 Iac-ast2500a, Iac-ast2500a Firmware | 2023-02-03 | N/A | 8.8 HIGH |
Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | |||||
CVE-2023-24426 | 1 Jenkins | 1 Azure Ad | 2023-02-03 | N/A | 8.8 HIGH |
Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login. | |||||
CVE-2023-22732 | 1 Shopware | 1 Shopware | 2023-01-24 | N/A | 9.8 CRITICAL |
Shopware is an open source commerce platform based on Symfony Framework and Vue js. The Administration session expiration was set to one week, when an attacker has stolen the session cookie they could use it for a long period of time. In version 6.4.18.1 an automatic logout into the Administration session has been added. As a result the user will be logged out when they are inactive. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
CVE-2023-22492 | 1 Zitadel | 1 Zitadel | 2023-01-24 | N/A | 5.9 MEDIUM |
ZITADEL is a combination of Auth0 and Keycloak. RefreshTokens is an OAuth 2.0 feature that allows applications to retrieve new access tokens and refresh the user's session without the need for interacting with a UI. RefreshTokens were not invalidated when a user was locked or deactivated. The deactivated or locked user was able to obtain a valid access token only through a refresh token grant. When the locked or deactivated user’s session was already terminated (“logged out”) then it was not possible to create a new session. Renewal of access token through a refresh token grant is limited to the configured amount of time (RefreshTokenExpiration). As a workaround, ensure the RefreshTokenExpiration in the OIDC settings of your instance is set according to your security requirements. This issue has been patched in versions 2.17.3 and 2.16.4. | |||||
CVE-2023-0227 | 1 Pyload | 1 Pyload | 2023-01-20 | N/A | 6.5 MEDIUM |
Insufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36. | |||||
CVE-2022-46177 | 1 Discourse | 1 Discourse | 2023-01-13 | N/A | 8.1 HIGH |
Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 3.0.0.beta16 on the `beta` and `tests-passed` branches, when a user requests for a password reset link email, then changes their primary email, the old reset email is still valid. When the old reset email is used to reset the password, the Discourse account's primary email would be re-linked to the old email. If the old email address is compromised or has transferred ownership, this leads to an account takeover. This is however mitigated by the SiteSetting `email_token_valid_hours` which is currently 48 hours. Users should upgrade to versions 2.8.14 or 3.0.0.beta15 to receive a patch. As a workaround, lower `email_token_valid_hours ` as needed. | |||||
CVE-2022-43844 | 2 Ibm, Redhat | 2 Robotic Process Automation For Cloud Pak, Openshift | 2023-01-11 | N/A | 8.8 HIGH |
IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control. A user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Cloud Pak. IBM X-Force ID: 239081. |