CWE-613
Allowed-with-ReviewInsufficient Session Expiration
Abstraction: Base · Status: Incomplete
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
874 vulnerabilities reference this CWE, most recent first.
GHSA-WMM3-H9QJ-P5V6
Vulnerability from github – Published: 2026-05-12 22:23 – Updated: 2026-06-09 10:32Summary
Changing a user’s password does not invalidate existing sessions, allowing an attacker with a stolen cookie to retain access even after the victim resets their password.
Details
SillyTavern relies on cookie-session for authentication, storing all session data (user handle, permissions) in a signed cookie. The endpoints POST /api/users/change-password and POST /api/users/recover-step2 only update the password hash in the database but do not expire current sessions. Because the session is stateless and stored entirely in the client cookie, there is no server-side mechanism to revoke a token once issued.
PoC
1.Log into the same SillyTavern account from two different browsers (e.g., Chrome and Firefox private mode). 2.In Chrome, change the account password under User Settings → Change Password. 3.In Firefox, refresh the page or perform a protected action (e.g., view API keys). 4.Expected: Firefox session should be invalidated and ask for login. 5.Actual: Firefox remains fully authenticated, able to perform all actions as the targeted user.
Impact
An attacker who obtains a valid session cookie (via XSS, MITM, physical access, etc.) can continue using it indefinitely, even after the legitimate user changes their password. This nullifies the most common recovery measure against session theft. The default cookie lifespan is 400 days, giving an attacker a very long exploitation window.
Resolution
A fix was released in the version 1.18.0, invalidating a session cookie on account password change.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.17.0"
},
"package": {
"ecosystem": "npm",
"name": "sillytavern"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.18.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44648"
],
"database_specific": {
"cwe_ids": [
"CWE-613"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-12T22:23:20Z",
"nvd_published_at": "2026-05-29T19:16:24Z",
"severity": "HIGH"
},
"details": "### Summary\nChanging a user\u2019s password does not invalidate existing sessions, allowing an attacker with a stolen cookie to retain access even after the victim resets their password.\n\n### Details\nSillyTavern relies on cookie-session for authentication, storing all session data (user handle, permissions) in a signed cookie. The endpoints POST /api/users/change-password and POST /api/users/recover-step2 only update the password hash in the database but do not expire current sessions. Because the session is stateless and stored entirely in the client cookie, there is no server-side mechanism to revoke a token once issued.\n\n### PoC\n1.Log into the same SillyTavern account from two different browsers (e.g., Chrome and Firefox private mode).\n2.In Chrome, change the account password under User Settings \u2192 Change Password.\n3.In Firefox, refresh the page or perform a protected action (e.g., view API keys).\n4.Expected: Firefox session should be invalidated and ask for login.\n5.Actual: Firefox remains fully authenticated, able to perform all actions as the targeted user.\n\n### Impact\nAn attacker who obtains a valid session cookie (via XSS, MITM, physical access, etc.) can continue using it indefinitely, even after the legitimate user changes their password.\nThis nullifies the most common recovery measure against session theft.\nThe default cookie lifespan is 400 days, giving an attacker a very long exploitation window.\n\n### Resolution\nA fix was released in the version 1.18.0, invalidating a session cookie on account password change.",
"id": "GHSA-wmm3-h9qj-p5v6",
"modified": "2026-06-09T10:32:03Z",
"published": "2026-05-12T22:23:20Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-wmm3-h9qj-p5v6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44648"
},
{
"type": "PACKAGE",
"url": "https://github.com/SillyTavern/SillyTavern"
},
{
"type": "WEB",
"url": "https://github.com/SillyTavern/SillyTavern/releases/tag/1.18.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "SillyTavern: Existing sessions are not invalidated after password change, allowing session reuse and account takeover"
}
GHSA-WMM5-59WM-X34P
Vulnerability from github – Published: 2025-05-13 12:31 – Updated: 2025-05-13 12:31A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout.
{
"affected": [],
"aliases": [
"CVE-2025-40566"
],
"database_specific": {
"cwe_ids": [
"CWE-613"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-13T10:15:26Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions \u003c V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions \u003c V5.0 Update 1). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user\u0027s session even after logout.",
"id": "GHSA-wmm5-59wm-x34p",
"modified": "2025-05-13T12:31:36Z",
"published": "2025-05-13T12:31:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40566"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-339086.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-WRMQ-9FC4-GWWJ
Vulnerability from github – Published: 2026-06-16 21:31 – Updated: 2026-06-18 13:03Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-q99w-vh6v-q3v7. This link is maintained to preserve external references.
Original Description
OpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a surviving pairing-scoped device session can re-establish node token authority after revocation. Attackers with a paired device can regain WebSocket node-level access without renewed approval, weakening revocation controls and maintaining unauthorized access longer than intended.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c 2026.5.26"
},
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-613"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-18T13:03:03Z",
"nvd_published_at": "2026-06-16T19:17:01Z",
"severity": "HIGH"
},
"details": "## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of\u00a0GHSA-q99w-vh6v-q3v7. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a surviving pairing-scoped device session can re-establish node token authority after revocation. Attackers with a paired device can regain WebSocket node-level access without renewed approval, weakening revocation controls and maintaining unauthorized access longer than intended.",
"id": "GHSA-wrmq-9fc4-gwwj",
"modified": "2026-06-18T13:03:03Z",
"published": "2026-06-16T21:31:57Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-q99w-vh6v-q3v7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53843"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-node-token-revocation-bypass-via-pairing-scoped-device-session"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
],
"summary": "Duplicate Advisory: Pairing-scoped device session could restore revoked node token authority",
"withdrawn": "2026-06-18T13:03:03Z"
}
GHSA-WVGJ-4785-CM7H
Vulnerability from github – Published: 2022-10-27 12:00 – Updated: 2025-05-07 21:31In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters.
{
"affected": [],
"aliases": [
"CVE-2022-2782"
],
"database_specific": {
"cwe_ids": [
"CWE-613"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-27T10:15:00Z",
"severity": "CRITICAL"
},
"details": "In affected versions of Octopus Server it is possible for a session token to be valid indefinitely due to improper validation of the session token parameters.",
"id": "GHSA-wvgj-4785-cm7h",
"modified": "2025-05-07T21:31:38Z",
"published": "2022-10-27T12:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2782"
},
{
"type": "WEB",
"url": "https://advisories.octopus.com/post/2022/sa2022-21"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WVJJ-4G8C-4V8V
Vulnerability from github – Published: 2025-07-28 18:31 – Updated: 2025-07-28 21:31Improper session invalidation in the component /banker/change-password.php of PHPGurukul Bank Locker Management System v1 allows attackers to execute a session hijacking attack.
{
"affected": [],
"aliases": [
"CVE-2025-50491"
],
"database_specific": {
"cwe_ids": [
"CWE-613"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-28T18:15:26Z",
"severity": "HIGH"
},
"details": "Improper session invalidation in the component /banker/change-password.php of PHPGurukul Bank Locker Management System v1 allows attackers to execute a session hijacking attack.",
"id": "GHSA-wvjj-4g8c-4v8v",
"modified": "2025-07-28T21:31:32Z",
"published": "2025-07-28T18:31:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50491"
},
{
"type": "WEB",
"url": "https://github.com/VasilVK/CVE/tree/main/CVE-2025-50491"
},
{
"type": "WEB",
"url": "http://bank.com"
},
{
"type": "WEB",
"url": "http://phpgurukul.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WW63-PV5X-VFC8
Vulnerability from github – Published: 2026-06-16 21:05 – Updated: 2026-06-16 21:05Summary
Sandbox previews that were switched from public to private could remain reachable without authentication for a short period after the change, due to a cached visibility state that was not invalidated when the sandbox's visibility changed.
Impact
When a sandbox owner changed a preview from public to private, the preview proxy could continue serving unauthenticated requests to that sandbox's ordinary preview ports for a bounded period before the change took effect. Only sandboxes that had been made public and were later set back to private were affected, and only until the proxy's cached visibility state was refreshed. Terminal, toolbox, and recording-dashboard ports were never affected, as those always require authentication. The issue did not involve cross-tenant access, privilege escalation, or remote code execution.
Patches
Fixed in v0.184.0. Sandbox visibility changes now invalidate the proxy's cached preview state immediately, so revoking a public preview takes effect on the next request.
Workarounds
Upgrade to v0.184.0 or later. There is no configuration workaround for earlier versions.
Credit
Reported through Daytona's Vulnerability Disclosure Program by mrknightnidu(nidalkhan). Linkedin: https://www.linkedin.com/in/mrknight-nidu-031340328/
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.183.0"
},
"package": {
"ecosystem": "Go",
"name": "github.com/daytonaio/daytona"
},
"ranges": [
{
"events": [
{
"introduced": "0.101.0"
},
{
"fixed": "0.184.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-54321"
],
"database_specific": {
"cwe_ids": [
"CWE-613",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-16T21:05:13Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\nSandbox previews that were switched from public to private could remain reachable without authentication for a short period after the change, due to a cached visibility state that was not invalidated when the sandbox\u0027s visibility changed.\n\n### Impact\nWhen a sandbox owner changed a preview from public to private, the preview proxy could continue serving unauthenticated requests to that sandbox\u0027s ordinary preview ports for a bounded period before the change took effect. Only sandboxes that had been made public and were later set back to private were affected, and only until the proxy\u0027s cached visibility state was refreshed. Terminal, toolbox, and recording-dashboard ports were never affected, as those always require authentication. The issue did not involve cross-tenant access, privilege escalation, or remote code execution.\n\n### Patches\nFixed in v0.184.0. Sandbox visibility changes now invalidate the proxy\u0027s cached preview state immediately, so revoking a public preview takes effect on the next request.\n\n### Workarounds\nUpgrade to v0.184.0 or later. There is no configuration workaround for earlier versions.\n\n### Credit\nReported through Daytona\u0027s Vulnerability Disclosure Program by **mrknightnidu(nidalkhan)**.\n**Linkedin**: https://www.linkedin.com/in/mrknight-nidu-031340328/",
"id": "GHSA-ww63-pv5x-vfc8",
"modified": "2026-06-16T21:05:14Z",
"published": "2026-06-16T21:05:13Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/daytonaio/daytona/security/advisories/GHSA-ww63-pv5x-vfc8"
},
{
"type": "PACKAGE",
"url": "https://github.com/daytonaio/daytona"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Daytona: Public sandbox previews remain accessible for up to one hour after being made private"
}
GHSA-WWC3-C577-533M
Vulnerability from github – Published: 2026-04-24 00:31 – Updated: 2026-05-04 21:59Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-rfqg-qgf8-xr9x. This link is maintained to preserve external references.
Original Description
OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions when rotating device tokens. Attackers with previously compromised credentials can maintain unauthorized access through existing WebSocket connections after token rotation.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.3.31"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-613"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-04T21:59:59Z",
"nvd_published_at": "2026-04-23T22:16:43Z",
"severity": "LOW"
},
"details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-rfqg-qgf8-xr9x. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.3.31 fails to terminate active WebSocket sessions when rotating device tokens. Attackers with previously compromised credentials can maintain unauthorized access through existing WebSocket connections after token rotation.",
"id": "GHSA-wwc3-c577-533m",
"modified": "2026-05-04T21:59:59Z",
"published": "2026-04-24T00:31:52Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-rfqg-qgf8-xr9x"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41356"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/91f7a6b0fd67b703897e6e307762d471ca09333d"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-incomplete-websocket-session-termination-in-device-token-rotate"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
],
"summary": "Duplicate Advisory: OpenClaw: Gateway `device.token.rotate` does not terminate active WebSocket sessions after credential rotation",
"withdrawn": "2026-05-04T21:59:59Z"
}
GHSA-WWJC-H7F8-CQV5
Vulnerability from github – Published: 2025-04-24 12:31 – Updated: 2025-04-24 12:31Due to improper JSON Web Tokens implementation an unauthenticated remote attacker can guess a valid session ID and therefore impersonate a user to gain full access.
{
"affected": [],
"aliases": [
"CVE-2021-47663"
],
"database_specific": {
"cwe_ids": [
"CWE-613"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-24T10:15:16Z",
"severity": "HIGH"
},
"details": "Due to improper\u00a0JSON Web Tokens implementation an unauthenticated remote attacker can guess a valid session ID and therefore impersonate a user to gain full access.",
"id": "GHSA-wwjc-h7f8-cqv5",
"modified": "2025-04-24T12:31:28Z",
"published": "2025-04-24T12:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47663"
},
{
"type": "WEB",
"url": "https://www.sciencedirect.com/science/article/pii/S2351978921001657"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WWJW-R3GJ-39FQ
Vulnerability from github – Published: 2022-06-17 20:57 – Updated: 2022-06-24 19:54Meta
- CVSS:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C(5.6)
Problem
Admin Tool sessions initiated via the TYPO3 backend user interface have not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the admin tool theoretically could have been prolonged without any limit.
Solution
Update to TYPO3 versions 9.5.35 ELTS, 10.4.29, 11.5.11 that fix the problem described above.
Credits
Thanks to Kien Hoang who reported this issue and to TYPO3 framework merger Ralf Zimmermann and TYPO3 security member Oliver Hader who fixed the issue.
References
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-core"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0"
},
{
"fixed": "9.5.35"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-core"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0"
},
{
"fixed": "10.4.29"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-core"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0"
},
{
"fixed": "11.5.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms"
},
"ranges": [
{
"events": [
{
"introduced": "10.0.0"
},
{
"fixed": "10.4.29"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0"
},
{
"fixed": "11.5.11"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-31050"
],
"database_specific": {
"cwe_ids": [
"CWE-613"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-17T20:57:27Z",
"nvd_published_at": "2022-06-14T21:15:00Z",
"severity": "MODERATE"
},
"details": "\u003e ### Meta\n\u003e * CVSS: `CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C` (5.6)\n\n### Problem\nAdmin Tool sessions initiated via the TYPO3 backend user interface have not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the admin tool theoretically could have been prolonged without any limit.\n\n### Solution\nUpdate to TYPO3 versions 9.5.35 ELTS, 10.4.29, 11.5.11 that fix the problem described above.\n\n### Credits\nThanks to Kien Hoang who reported this issue and to TYPO3 framework merger Ralf Zimmermann and TYPO3 security member Oliver Hader who fixed the issue.\n\n### References\n* [TYPO3-CORE-SA-2022-005](https://typo3.org/security/advisory/typo3-core-sa-2022-005)",
"id": "GHSA-wwjw-r3gj-39fq",
"modified": "2022-06-24T19:54:44Z",
"published": "2022-06-17T20:57:27Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-wwjw-r3gj-39fq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31050"
},
{
"type": "WEB",
"url": "https://github.com/TYPO3/typo3/commit/592387972912290c135ebecc91768a67f83a3a4d"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31050.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/TYPO3-CMS/core"
},
{
"type": "WEB",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-005"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Insufficient Session Expiration in TYPO3\u0027s Admin Tool"
}
GHSA-WX2Q-8M6X-V282
Vulnerability from github – Published: 2023-04-18 21:30 – Updated: 2024-04-04 03:34A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of their account.
{
"affected": [],
"aliases": [
"CVE-2023-28003"
],
"database_specific": {
"cwe_ids": [
"CWE-613"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-18T21:15:09Z",
"severity": "HIGH"
},
"details": "\n\n\nA CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to\nmaintain unauthorized access over a hijacked session in PME after the legitimate user has\nsigned out of their account.\n\n\n\n",
"id": "GHSA-wx2q-8m6x-v282",
"modified": "2024-04-04T03:34:42Z",
"published": "2023-04-18T21:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28003"
},
{
"type": "WEB",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-073-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-073-01.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Set sessions/credentials expiration date.
No CAPEC attack patterns related to this CWE.