Lucene search

GitHub_MCVELIST:CVE-2023-45659

HistoryOct 16, 2023 - 11:32 p.m.

CVE-2023-45659 Session is not expiring after password reset in Engelsystem

2023-10-1623:32:57

CWE-613

GitHub_M

www.cve.org

engelsystem

session

password reset

vulnerability

commit

update installation

3.6 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

4.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Engelsystem is a shift planning system for chaos events. If a users’ password is compromised and an attacker gained access to a users’ account, i.e., logged in and obtained a session, an attackers’ session is not terminated if the users’ account password is reset. This vulnerability has been fixed in the commit dbb089315ff3d. Users are advised to update their installations. There are no known workarounds for this vulnerability.

CNA Affected

[
  {
    "vendor": "engelsystem",
    "product": "engelsystem",
    "versions": [
      {
        "version": "< dbb089315ff3d",
        "status": "affected"
      }
    ]
  }
]

References

github.com/engelsystem/engelsystem/commit/dbb089315ff3d8aabc11445e78fb50765208b27d

github.com/engelsystem/engelsystem/security/advisories/GHSA-f6mm-3v2h-jm6x

3.6 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

4.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2023-45659