Lucene search

GitHub_MCVELIST:CVE-2023-40174

HistoryAug 18, 2023 - 9:41 p.m.

CVE-2023-40174 Insufficient Session Expiration in fobybus/social-media-skeleton

2023-08-1821:41:53

CWE-613

GitHub_M

www.cve.org

insufficient session expiration

social media skeleton

php

css

javascript

html

version 1.0.5

web application security

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.1%

JSON

Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Insufficient session expiration is a web application security vulnerability that occurs when a web application does not properly manage the lifecycle of a user’s session. Social media skeleton releases prior to 1.0.5 did not properly limit manage user session lifecycles. This issue has been addressed in version 1.0.5 and users are advised to upgrade. There are no known workarounds for this vulnerability.

CNA Affected

[
  {
    "vendor": "fobybus",
    "product": "social-media-skeleton",
    "versions": [
      {
        "version": "< 1.0.5",
        "status": "affected"
      }
    ]
  }
]

References

github.com/fobybus/social-media-skeleton/commit/99738b2cc5efb6a5739161c931daa43f99431e5a

github.com/fobybus/social-media-skeleton/security/advisories/GHSA-cr5c-ggwq-g4hq

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.1%

JSON

Related for CVELIST:CVE-2023-40174