Lucene search

@huntrdevCVELIST:CVE-2023-4005

HistoryJul 31, 2023 - 12:00 a.m.

CVE-2023-4005 Insufficient Session Expiration in fossbilling/fossbilling

2023-07-3100:00:19

CWE-613

@huntrdev

www.cve.org

cve-2023-4005

github repository

insufficient session expiration

3.8 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

9.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.3%

JSON

Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5.

CNA Affected

[
  {
    "vendor": "fossbilling",
    "product": "fossbilling/fossbilling",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "0.5.5",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/fossbilling/fossbilling/commit/20c23b051eb690cb4ae60a257f6bb46eb3aae2d1

huntr.dev/bounties/f0aacce1-79bc-4765-95f1-7e824433b9e4

3.8 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

9.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.3%

JSON

Related for CVELIST:CVE-2023-4005