GitHub Advisory Database: GHSA-2Q2F-H83X-CX3X
History: May 14, 2024 - 9:34 p.m.

Reportico Web fails to invalidate cookies upon logout

2024-05-14 21:34:44
CWE-613
GitHub Advisory Database
github.com
4
reportico web
vulnerability
session cookies
logout
unauthorized access

AI Score: 6.8 Medium (Confidence: Low)

EPSS: 0 Low (Percentile: 0.0%)

Reportico Web before v.8.1.0 does not properly invalidate session cookies upon logout. When a user logs out of the application, the session cookie should be invalidated to prevent unauthorized access. However, due to an oversight in the application’s implementation, the session cookie remains active even after logout. Consequently, an attacker who obtains the session cookie can use it to access the user’s session and perform unauthorized actions.
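The failure mode described above, as an added regression check that is not Reportico's code: it models a server-side session table and replays a cookie value copied before logout. The advisory does not say how Reportico stores sessions, so the `SessionStore` class, its method names and the assumption that the flaw is server-side state surviving logout are all hypothetical.

```python
import secrets


class SessionStore:
    """Constructed model of a server-side session table: token -> username."""

    def __init__(self):
        self._sessions = {}

    def login(self, username):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = username
        return token  # value the server would send in Set-Cookie

    def authenticate(self, token):
        # Username if the token is still valid on the server, else None.
        return self._sessions.get(token)

    def logout_client_only(self, token):
        # Flawed pattern (assumed): the browser is told to drop the cookie,
        # but the server-side record is left in place.
        return {"Set-Cookie": "session=; Max-Age=0"}

    def logout_invalidate(self, token):
        # Corrected pattern: delete the server-side record first,
        # then expire the cookie in the browser.
        self._sessions.pop(token, None)
        return {"Set-Cookie": "session=; Max-Age=0"}


def cookie_survives_logout(logout_name):
    """Replay a cookie value captured before logout; True means still accepted."""
    store = SessionStore()
    token = store.login("alice")      # constructed sample user
    captured = token                  # copy held outside the browser
    getattr(store, logout_name)(token)
    return store.authenticate(captured) is not None


if __name__ == "__main__":
    for name in ("logout_client_only", "logout_invalidate"):
        print(name, "-> replayed cookie accepted:", cookie_survives_logout(name))
```

The same replay check applies to a deployed instance after upgrading: a request carrying the pre-logout cookie should be treated as unauthenticated.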

Affected configurations

Vulners
Node
reportico-web reportico Range 8.1.0
CPE Name Operator Version
reportico-web/reportico le 8.1.0
