Lucene search

@huntrdevCVELIST:CVE-2023-5889

HistoryNov 01, 2023 - 12:00 a.m.

CVE-2023-5889 Insufficient Session Expiration in pkp/pkp-lib

2023-11-0100:00:18

CWE-613

@huntrdev

www.cve.org

cve-2023

insufficient session

expiration

pkp/pkp-lib

github

repository

vulnerability

prior version

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

36.1%

JSON

Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

CNA Affected

[
  {
    "vendor": "pkp",
    "product": "pkp/pkp-lib",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "3.3.0-16",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/pkp/pkp-lib/commit/32d071ef2090fc336bc17d56a86d1dff90c26f0b

huntr.com/bounties/fba2991a-1b8a-4c89-9689-d708526928e1

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

36.1%

JSON

Related for CVELIST:CVE-2023-5889