CWE-613
Allowed-with-ReviewInsufficient Session Expiration
Abstraction: Base · Status: Incomplete
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
875 vulnerabilities reference this CWE, most recent first.
GHSA-QX8P-7XC2-FW37
Vulnerability from github – Published: 2022-05-14 03:41 – Updated: 2022-05-14 03:41Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string.
{
"affected": [],
"aliases": [
"CVE-2017-15653"
],
"database_specific": {
"cwe_ids": [
"CWE-613"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-31T20:29:00Z",
"severity": "HIGH"
},
"details": "Improper administrator IP validation after his login in the HTTPd server in all current versions (\u003c= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string.",
"id": "GHSA-qx8p-7xc2-fw37",
"modified": "2022-05-14T03:41:35Z",
"published": "2022-05-14T03:41:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15653"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2018/Jan/63"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QXF7-8J2M-38VQ
Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-05-24 17:41An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks)
{
"affected": [],
"aliases": [
"CVE-2020-6649"
],
"database_specific": {
"cwe_ids": [
"CWE-613"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-08T16:15:00Z",
"severity": "CRITICAL"
},
"details": "An insufficient session expiration vulnerability in FortiNet\u0027s FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks)",
"id": "GHSA-qxf7-8j2m-38vq",
"modified": "2022-05-24T17:41:17Z",
"published": "2022-05-24T17:41:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6649"
},
{
"type": "WEB",
"url": "https://fortiguard.com/advisory/FG-IR-20-011"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-QXQ9-GF25-F986
Vulnerability from github – Published: 2026-03-16 15:30 – Updated: 2026-04-20 15:31Non-working logout functionality in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password.
{
"affected": [],
"aliases": [
"CVE-2025-15553"
],
"database_specific": {
"cwe_ids": [
"CWE-613"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-16T14:17:56Z",
"severity": "MODERATE"
},
"details": "Non-working logout functionality in Truesec\u2019s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password.",
"id": "GHSA-qxq9-gf25-f986",
"modified": "2026-04-20T15:31:51Z",
"published": "2026-03-16T15:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15553"
},
{
"type": "WEB",
"url": "https://labs.reversec.com/advisories/2026/03/insecure-logout-functionality-in-truesec-lapswebui"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-QXV6-WCR6-HH88
Vulnerability from github – Published: 2022-10-06 18:52 – Updated: 2022-10-07 18:15In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token
{
"affected": [],
"aliases": [
"CVE-2022-2783"
],
"database_specific": {
"cwe_ids": [
"CWE-613"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-06T18:15:00Z",
"severity": "MODERATE"
},
"details": "In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token",
"id": "GHSA-qxv6-wcr6-hh88",
"modified": "2022-10-07T18:15:43Z",
"published": "2022-10-06T18:52:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2783"
},
{
"type": "WEB",
"url": "https://advisories.octopus.com/post/2022/sa2022-17"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-R2QV-R4VQ-J8MM
Vulnerability from github – Published: 2022-06-03 00:01 – Updated: 2022-06-11 00:00BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII).
{
"affected": [],
"aliases": [
"CVE-2022-30277"
],
"database_specific": {
"cwe_ids": [
"CWE-613"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-02T14:15:00Z",
"severity": "MODERATE"
},
"details": "BD Synapsys\u2122, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII).",
"id": "GHSA-r2qv-r4vq-j8mm",
"modified": "2022-06-11T00:00:36Z",
"published": "2022-06-03T00:01:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30277"
},
{
"type": "WEB",
"url": "https://cybersecurity.bd.com/bulletins-and-patches/bd-synapsys-insufficient-session-expiration"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-R2RQ-3H56-FQM4
Vulnerability from github – Published: 2022-05-14 01:14 – Updated: 2023-10-06 17:48An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/symfony"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.48"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/symfony"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.41"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/symfony"
},
"ranges": [
{
"events": [
{
"introduced": "3.3.0"
},
{
"fixed": "3.3.17"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/symfony"
},
"ranges": [
{
"events": [
{
"introduced": "3.4.0"
},
{
"fixed": "3.4.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/symfony"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.0.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/http-foundation"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.48"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/http-foundation"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.41"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/http-foundation"
},
"ranges": [
{
"events": [
{
"introduced": "3.3.0"
},
{
"fixed": "3.3.17"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/http-foundation"
},
"ranges": [
{
"events": [
{
"introduced": "3.4.0"
},
{
"fixed": "3.4.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/http-foundation"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.0.11"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-11386"
],
"database_specific": {
"cwe_ids": [
"CWE-613"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-25T17:48:01Z",
"nvd_published_at": "2018-06-13T16:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources.",
"id": "GHSA-r2rq-3h56-fqm4",
"modified": "2023-10-06T17:48:16Z",
"published": "2022-05-14T01:14:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11386"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/symfony/symfony"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH"
},
{
"type": "WEB",
"url": "https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler"
},
{
"type": "WEB",
"url": "https://symfony.com/cve-2018-11386"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4262"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Symfony DoS"
}
GHSA-R3XH-3R3W-47GP
Vulnerability from github – Published: 2026-02-12 15:29 – Updated: 2026-02-12 22:07Summary
When running FrankenPHP in worker mode, the $_SESSION superglobal is not correctly reset between requests. This allows a subsequent request processed by the same worker to access the $_SESSION data of the previous request (potentially belonging to a different user) before session_start() is called.
Details
In standard PHP execution, the environment is torn down completely after every request. In FrankenPHP's worker mode, the application stays in memory, and superglobals are manually reset between requests.
The vulnerability exists because $_SESSION is stored in the Zend Engine's symbol table (EG(symbol_table)). While the standard PHP request shutdown (RSHUTDOWN) decrements the reference count of the session data, it does not remove the $_SESSION variable itself from the symbol table. FrankenPHP's reset logic (frankenphp_reset_super_globals) previously cleared other superglobals but failed to explicitly delete $_SESSION.
Consequently, until session_start() is called in the new request (which re-initializes the variable), the $_SESSION array retains the data from the previous request processed by that specific worker thread.
Impact
This is a cross-request data leakage vulnerability.
- Confidentiality: If an application reads
$_SESSIONbefore callingsession_start(), it can access sensitive information (authentication tokens, user IDs, PII) belonging to the previous user. - Logic Errors / Impersonation: If application logic relies on
$_SESSIONbeing empty or unset to detect a "guest" state, or checks for specific keys in$_SESSIONprior to session initialization, a malicious actor (or accidental race condition) could trigger privilege escalation or user impersonation.
This affects only users running FrankenPHP in worker mode and not session_start() for each request, which is done by default by most frameworks.
PoC
The following steps demonstrate the issue (derived from the regression tests added in the fix):
- Client A sends a request that starts a session and sets sensitive data:
// Request 1
session_start();
$_SESSION['secret'] = 'AliceData';
session_write_close();
- Client B (or the same client without cookies) sends a request to the same worker. This script checks
$_SESSIONwithout starting a session:
// Request 2
// session_start() is NOT called
if (!empty($_SESSION)) {
echo "Leaked Data: " . $_SESSION['secret'];
}
- Result: Client B receives "Leaked Data: AliceData".
Workarounds
- Ensure
session_start()is called immediately at the entry point of your worker script to overwrite any residual data (though this may not cover all edge cases if middleware runs before the controller). - Manually unset
$_SESSIONat the very beginning of the worker loop, before handling the request.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/dunglas/frankenphp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.11.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-24894"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-384",
"CWE-613"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-12T15:29:30Z",
"nvd_published_at": "2026-02-12T20:16:10Z",
"severity": "HIGH"
},
"details": "### Summary\n\nWhen running FrankenPHP in **worker mode**, the `$_SESSION` superglobal is not correctly reset between requests. This allows a subsequent request processed by the same worker to access the `$_SESSION` data of the previous request (potentially belonging to a different user) before `session_start()` is called.\n\n### Details\n\nIn standard PHP execution, the environment is torn down completely after every request. In FrankenPHP\u0027s worker mode, the application stays in memory, and superglobals are manually reset between requests.\n\nThe vulnerability exists because `$_SESSION` is stored in the Zend Engine\u0027s symbol table (`EG(symbol_table)`). While the standard PHP request shutdown (RSHUTDOWN) decrements the reference count of the session data, it does not remove the `$_SESSION` variable itself from the symbol table. FrankenPHP\u0027s reset logic (`frankenphp_reset_super_globals`) previously cleared other superglobals but failed to explicitly delete `$_SESSION`.\n\nConsequently, until `session_start()` is called in the new request (which re-initializes the variable), the `$_SESSION` array retains the data from the previous request processed by that specific worker thread.\n\n### Impact\n\nThis is a **cross-request data leakage** vulnerability.\n\n* **Confidentiality:** If an application reads `$_SESSION` before calling `session_start()`, it can access sensitive information (authentication tokens, user IDs, PII) belonging to the previous user.\n* **Logic Errors / Impersonation:** If application logic relies on `$_SESSION` being empty or unset to detect a \"guest\" state, or checks for specific keys in `$_SESSION` prior to session initialization, a malicious actor (or accidental race condition) could trigger privilege escalation or user impersonation.\n\nThis affects only users running FrankenPHP in **worker mode** and not `session_start()` for each request, which is done by default by most frameworks.\n\n### PoC\n\nThe following steps demonstrate the issue (derived from the regression tests added in the fix):\n\n1. **Client A** sends a request that starts a session and sets sensitive data:\n\n```php\n// Request 1\nsession_start();\n$_SESSION[\u0027secret\u0027] = \u0027AliceData\u0027;\nsession_write_close();\n```\n\n2. **Client B** (or the same client without cookies) sends a request to the same worker. This script checks `$_SESSION` *without* starting a session:\n\n```php\n// Request 2\n// session_start() is NOT called\nif (!empty($_SESSION)) {\n echo \"Leaked Data: \" . $_SESSION[\u0027secret\u0027];\n}\n```\n\n\n3. **Result:** Client B receives \"Leaked Data: AliceData\".\n\n### Workarounds\n\n* Ensure `session_start()` is called immediately at the entry point of your worker script to overwrite any residual data (though this may not cover all edge cases if middleware runs before the controller).\n* Manually unset `$_SESSION` at the very beginning of the worker loop, before handling the request.",
"id": "GHSA-r3xh-3r3w-47gp",
"modified": "2026-02-12T22:07:50Z",
"published": "2026-02-12T15:29:30Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/php/frankenphp/security/advisories/GHSA-r3xh-3r3w-47gp"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24894"
},
{
"type": "WEB",
"url": "https://github.com/php/frankenphp/commit/24d6c991a7761b638190eb081deae258143e9735"
},
{
"type": "PACKAGE",
"url": "https://github.com/php/frankenphp"
},
{
"type": "WEB",
"url": "https://github.com/php/frankenphp/releases/tag/v1.11.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
],
"summary": "FrankenPHP leaks session data between requests in worker mode"
}
GHSA-R4R6-J2J3-7PP5
Vulnerability from github – Published: 2024-04-09 16:15 – Updated: 2024-04-09 21:12Impact
When a front end member changes their password, the corresponding remember-me tokens are not removed.
Patches
Update to Contao 4.13.40.
Workarounds
Disable "Allow auto login" in the login module.
References
https://contao.org/en/security-advisories/remember-me-tokens-are-not-cleared-after-a-password-change
For more information
If you have any questions or comments about this advisory, open an issue in contao/contao.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "contao/core-bundle"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.13.40"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-30262"
],
"database_specific": {
"cwe_ids": [
"CWE-384",
"CWE-613"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-09T16:15:06Z",
"nvd_published_at": "2024-04-09T17:16:02Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nWhen a front end member changes their password, the corresponding remember-me tokens are not removed.\n\n### Patches\n\nUpdate to Contao 4.13.40.\n\n### Workarounds\n\nDisable \"Allow auto login\" in the login module.\n\n### References\n\nhttps://contao.org/en/security-advisories/remember-me-tokens-are-not-cleared-after-a-password-change\n\n### For more information\n\nIf you have any questions or comments about this advisory, open an issue in [contao/contao](https://github.com/contao/contao/issues/new/choose).",
"id": "GHSA-r4r6-j2j3-7pp5",
"modified": "2024-04-09T21:12:19Z",
"published": "2024-04-09T16:15:06Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/contao/contao/security/advisories/GHSA-r4r6-j2j3-7pp5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30262"
},
{
"type": "WEB",
"url": "https://github.com/contao/contao/commit/3032baa456f607169ffae82a8920354adb338fe9"
},
{
"type": "WEB",
"url": "https://contao.org/en/security-advisories/remember-me-tokens-are-not-cleared-after-a-password-change"
},
{
"type": "PACKAGE",
"url": "https://github.com/contao/contao"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Contao: Remember-me tokens will not be cleared after a password change"
}
GHSA-R568-9M64-GFRV
Vulnerability from github – Published: 2022-05-24 17:10 – Updated: 2024-04-04 02:48SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be stolen from the browser history or log files, leading to Information Disclosure.
{
"affected": [],
"aliases": [
"CVE-2020-6178"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-613"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-03-10T21:15:00Z",
"severity": "MODERATE"
},
"details": "SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be stolen from the browser history or log files, leading to Information Disclosure.",
"id": "GHSA-r568-9m64-gfrv",
"modified": "2024-04-04T02:48:58Z",
"published": "2022-05-24T17:10:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6178"
},
{
"type": "WEB",
"url": "https://launchpad.support.sap.com/#/notes/2880664"
},
{
"type": "WEB",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-R5HH-FV95-JJXP
Vulnerability from github – Published: 2024-02-09 03:33 – Updated: 2024-02-09 03:33IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749.
{
"affected": [],
"aliases": [
"CVE-2023-45187"
],
"database_specific": {
"cwe_ids": [
"CWE-613"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-09T01:15:08Z",
"severity": "MODERATE"
},
"details": "IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749.",
"id": "GHSA-r5hh-fv95-jjxp",
"modified": "2024-02-09T03:33:10Z",
"published": "2024-02-09T03:33:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45187"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268749"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7116045"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation
Set sessions/credentials expiration date.
No CAPEC attack patterns related to this CWE.