Common Weakness Enumeration

CWE-613

Allowed-with-Review

Insufficient Session Expiration

Abstraction: Base · Status: Incomplete

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

874 vulnerabilities reference this CWE, most recent first.

GHSA-VJQC-G788-F378

Vulnerability from github – Published: 2024-02-20 12:31 – Updated: 2024-02-23 15:16
VLAI
Summary
Session Fixation Apache DolphinScheduler
Details

Session Fixation Apache DolphinScheduler before version 3.2.1, which session is still valid after the password change.

Users are recommended to upgrade to version 3.2.1, which fixes this issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.dolphinscheduler:dolphinscheduler"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.3.8"
            },
            {
              "fixed": "3.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-50270"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-613"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-21T00:21:28Z",
    "nvd_published_at": "2024-02-20T10:15:08Z",
    "severity": "MODERATE"
  },
  "details": "Session Fixation Apache DolphinScheduler before version 3.2.1, which session is still valid after the password change.\n\nUsers are recommended to upgrade to version 3.2.1, which fixes this issue.",
  "id": "GHSA-vjqc-g788-f378",
  "modified": "2024-02-23T15:16:50Z",
  "published": "2024-02-20T12:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50270"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/dolphinscheduler/pull/15219"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/dolphinscheduler"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708qzqlwl6"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c1sd2r9r"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2024/02/20/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/02/20/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Session Fixation Apache DolphinScheduler"
}

GHSA-VJXW-62PR-VRFG

Vulnerability from github – Published: 2023-12-25 06:30 – Updated: 2024-09-09 21:31
VLAI
Details

One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a session timeout, click on the Help icon, observe that there is a browser window for the One Identity website, navigate to any website that offers file upload, navigate to cmd.exe from the file explorer window, and launch cmd.exe as NT AUTHORITY\SYSTEM.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-51772"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-613"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-25T06:15:08Z",
    "severity": "HIGH"
  },
  "details": "One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a session timeout, click on the Help icon, observe that there is a browser window for the One Identity website, navigate to any website that offers file upload, navigate to cmd.exe from the file explorer window, and launch cmd.exe as NT AUTHORITY\\SYSTEM.",
  "id": "GHSA-vjxw-62pr-vrfg",
  "modified": "2024-09-09T21:31:21Z",
  "published": "2023-12-25T06:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51772"
    },
    {
      "type": "WEB",
      "url": "https://sec-consult.com/vulnerability-lab/advisory/kiosk-escape-privilege-escalation-one-identity-password-manager-secure-password-extension"
    },
    {
      "type": "WEB",
      "url": "https://www.oneidentity.com/products/password-manager"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VM6P-35RW-3FXC

Vulnerability from github – Published: 2022-08-09 00:00 – Updated: 2022-08-18 19:14
VLAI
Summary
Cockpit before 2.2.0 vulnerable to Insufficient Session Expiration
Details

Cockpit before version 2.2.0 is vulnerable to Insufficient Session Expiration. The application does not validate requests after password changes, allowing a user to change their account details even after an admin changes their password.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "aheinze/cockpit"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-2713"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-613"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-08-18T19:14:08Z",
    "nvd_published_at": "2022-08-08T15:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Cockpit before version 2.2.0 is vulnerable to Insufficient Session Expiration. The application does not validate requests after password changes, allowing a user to change their account details even after an admin changes their password.",
  "id": "GHSA-vm6p-35rw-3fxc",
  "modified": "2022-08-18T19:14:08Z",
  "published": "2022-08-09T00:00:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2713"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cockpit-hq/cockpit/commit/dd8d0314912fa6517ebd2cc9939d9fafbe68731b"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cockpit-hq/cockpit"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/3080fc96-75d7-4868-84de-9fc8c9b90290"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Cockpit before 2.2.0 vulnerable to Insufficient Session Expiration"
}

GHSA-VP66-GF7W-9M4X

Vulnerability from github – Published: 2024-02-17 06:30 – Updated: 2024-02-20 23:47
VLAI
Summary
Insufficient Session Expiration in github.com/greenpau/caddy-security
Details

All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers who gain access to an active but supposedly logged-out session can perform unauthorized actions on behalf of the user.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/greenpau/caddy-security"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.1.23"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-21492"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-613"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-20T23:47:50Z",
    "nvd_published_at": "2024-02-17T05:15:08Z",
    "severity": "MODERATE"
  },
  "details": "All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the \"Sign Out\" button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers who gain access to an active but supposedly logged-out session can perform unauthorized actions on behalf of the user.",
  "id": "GHSA-vp66-gf7w-9m4x",
  "modified": "2024-02-20T23:47:50Z",
  "published": "2024-02-17T06:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21492"
    },
    {
      "type": "WEB",
      "url": "https://github.com/greenpau/caddy-security/issues/272"
    },
    {
      "type": "WEB",
      "url": "https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-5920787"
    },
    {
      "type": "PACKAGE",
      "url": "github.com/greenpau/caddy-security"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Insufficient Session Expiration in github.com/greenpau/caddy-security"
}

GHSA-VPFW-47H7-XJ4G

Vulnerability from github – Published: 2025-05-08 14:45 – Updated: 2025-05-09 14:34
VLAI
Summary
Rack session gets restored after deletion
Details

Summary

When using the Rack::Session::Pool middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session.

Details

Rack session middleware prepares the session at the beginning of request, then saves is back to the store with possible changes applied by host rack application. This way the session becomes to be a subject of race conditions in general sense over concurrent rack requests.

Impact

When using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a long running request (within that same session) adjacent to the user logging out, in order to retain illicit access even after a user has attempted to logout.

Mitigation

  • Update to the latest version of rack, or
  • Ensure your application invalidates sessions atomically by marking them as logged out e.g., using a logged_out flag, instead of deleting them, and check this flag on every request to prevent reuse, or
  • Implement a custom session store that tracks session invalidation timestamps and refuses to accept session data if the session was invalidated after the request began.

Related

As this code was moved to rack-session in Rack 3+, see https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj for the equivalent advisory in rack-session (affecting Rack 3+ only).

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.2.13"
      },
      "package": {
        "ecosystem": "RubyGems",
        "name": "rack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-32441"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362",
      "CWE-367",
      "CWE-613"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-05-08T14:45:18Z",
    "nvd_published_at": "2025-05-07T23:15:53Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nWhen using the `Rack::Session::Pool` middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session.\n\n### Details\n\n[Rack session middleware](https://github.com/rack/rack/blob/v2.2.13/lib/rack/session/abstract/id.rb#L263-L270) prepares the session at the beginning of request, then saves is back to the store with possible changes applied by host rack application. This way the session becomes to be a subject of race conditions in general sense over concurrent rack requests.\n\n### Impact\n\nWhen using the `Rack::Session::Pool` middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a long running request (within that same session) adjacent to the user logging out, in order to retain illicit access even after a user has attempted to logout.\n\n## Mitigation\n\n- Update to the latest version of `rack`, or\n- Ensure your application invalidates sessions atomically by marking them as logged out e.g., using a `logged_out` flag, instead of deleting them, and check this flag on every request to prevent reuse, or\n- Implement a custom session store that tracks session invalidation timestamps and refuses to accept session data if the session was invalidated after the request began.\n\n### Related\n\nAs this code was moved to `rack-session` in Rack 3+, see \u003chttps://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj\u003e for the equivalent advisory in `rack-session` (affecting Rack 3+ only).",
  "id": "GHSA-vpfw-47h7-xj4g",
  "modified": "2025-05-09T14:34:16Z",
  "published": "2025-05-08T14:45:18Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32441"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rack/rack/commit/c48e52f7c57e99e1e1bf54c8760d4f082cd1c89d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rack/rack"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rack/rack/blob/v2.2.13/lib/rack/session/abstract/id.rb#L263-L270"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-32441.yml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Rack session gets restored after deletion"
}

GHSA-VQ32-QXMX-986V

Vulnerability from github – Published: 2023-07-31 03:30 – Updated: 2023-07-31 03:30
VLAI
Details

Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-4005"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-613"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-31T01:15:09Z",
    "severity": "LOW"
  },
  "details": "Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5.",
  "id": "GHSA-vq32-qxmx-986v",
  "modified": "2023-07-31T03:30:23Z",
  "published": "2023-07-31T03:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4005"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fossbilling/fossbilling/commit/20c23b051eb690cb4ae60a257f6bb46eb3aae2d1"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/f0aacce1-79bc-4765-95f1-7e824433b9e4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VR2W-6JC9-59FH

Vulnerability from github – Published: 2022-10-24 19:00 – Updated: 2022-10-24 19:00
VLAI
Details

Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-46279"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-613"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-24T14:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.",
  "id": "GHSA-vr2w-6jc9-59fh",
  "modified": "2022-10-24T19:00:16Z",
  "published": "2022-10-24T19:00:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46279"
    },
    {
      "type": "WEB",
      "url": "https://github.com/CVEProject/cvelist/blob/master/2021/46xxx/CVE-2021-46279.json"
    },
    {
      "type": "WEB",
      "url": "https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1"
    },
    {
      "type": "WEB",
      "url": "https://www.nozominetworks.com/labs/vulnerability-advisories/CVE-2021-46279"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VR7M-C6V4-8CX8

Vulnerability from github – Published: 2026-06-01 09:31 – Updated: 2026-07-08 19:45
VLAI
Summary
Apache Airflow: Auth manager doesn't invalidate JWT tokens after users click logout
Details

A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for FabAuthManager and KeycloakAuthManager did not actually reach the underlying revoke_token() call, so the JWT remained accepted by the API server until its natural expiry. An attacker holding a previously-issued JWT for a logged-out user could continue to make authenticated API calls as that user. Affects deployments configured with FabAuthManager or KeycloakAuthManager (the bug does not affect SimpleAuthManager). This is a residual gap in the fix for CVE-2025-57735, which addressed cookie-side invalidation in PR #57992 / PR #61339 but did not cover the provider-side revoke_token() reachability in the FAB / Keycloak code paths. Users who already upgraded for CVE-2025-57735 should additionally upgrade to apache-airflow 3.2.2 or later to cover the FAB / Keycloak logout paths.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "apache-airflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-48726"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-613"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-08T19:45:43Z",
    "nvd_published_at": "2026-06-01T09:16:20Z",
    "severity": "MODERATE"
  },
  "details": "A bug in Apache Airflow\u0027s auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for `FabAuthManager` and `KeycloakAuthManager` did not actually reach the underlying `revoke_token()` call, so the JWT remained accepted by the API server until its natural expiry. An attacker holding a previously-issued JWT for a logged-out user could continue to make authenticated API calls as that user. Affects deployments configured with `FabAuthManager` or `KeycloakAuthManager` (the bug does not affect SimpleAuthManager). This is a residual gap in the fix for CVE-2025-57735, which addressed cookie-side invalidation in PR #57992 / PR #61339 but did not cover the provider-side `revoke_token()` reachability in the FAB / Keycloak code paths. Users who already upgraded for CVE-2025-57735 should additionally upgrade to `apache-airflow` 3.2.2 or later to cover the FAB / Keycloak logout paths.",
  "id": "GHSA-vr7m-c6v4-8cx8",
  "modified": "2026-07-08T19:45:43Z",
  "published": "2026-06-01T09:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48726"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/pull/67289"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/airflow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2026-187.yaml"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/630jg4z6cjkv4m2yv2ljgmf1zhdj1vqx"
    },
    {
      "type": "WEB",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-57735"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Airflow: Auth manager doesn\u0027t invalidate JWT tokens after users click logout"
}

GHSA-VWF2-F9CG-9FG8

Vulnerability from github – Published: 2023-06-19 06:30 – Updated: 2024-04-04 04:56
VLAI
Details

In Siren Investigate before 13.2.2, session keys remain active even after logging out.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-35857"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-613"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-19T04:15:11Z",
    "severity": "CRITICAL"
  },
  "details": "In Siren Investigate before 13.2.2, session keys remain active even after logging out.",
  "id": "GHSA-vwf2-f9cg-9fg8",
  "modified": "2024-04-04T04:56:00Z",
  "published": "2023-06-19T06:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35857"
    },
    {
      "type": "WEB",
      "url": "https://community.siren.io/c/announcements"
    },
    {
      "type": "WEB",
      "url": "https://docs.support.siren.io/siren-platform-user-guide/13.2/release-notes.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VWHP-8JH2-Q93M

Vulnerability from github – Published: 2022-05-17 19:57 – Updated: 2024-04-04 00:01
VLAI
Details

Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-2595"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-613"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-02-12T01:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.",
  "id": "GHSA-vwhp-8jh2-q93m",
  "modified": "2024-04-04T00:01:17Z",
  "published": "2022-05-17T19:57:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2595"
    },
    {
      "type": "WEB",
      "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/39278"
    },
    {
      "type": "WEB",
      "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595"
    },
    {
      "type": "WEB",
      "url": "https://www.securityfocus.com/bid/69028"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2014/Aug/5"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/109782"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Set sessions/credentials expiration date.

No CAPEC attack patterns related to this CWE.