CVE-2021-3311

🗓️ 05 Feb 2021 14:19:15Reported by [email protected]Type

Issue in October build 471, reactivating old session ID after new login

Reporter	Title	Published	Views	Family All 7
OSV	CVE-2021-3311	5 Feb 202114:15	–	osv
OSV	October CMS Session ID not invalidated after logout	10 Feb 202102:32	–	osv
Veracode	Insecure Session Management	11 Feb 202103:57	–	veracode
Prion	Authentication flaw	5 Feb 202114:15	–	prion
Cvelist	CVE-2021-3311	5 Feb 202104:47	–	cvelist
CVE	CVE-2021-3311	5 Feb 202114:15	–	cve
Github Security Blog	October CMS Session ID not invalidated after logout	10 Feb 202102:32	–	github

Nvd

Node

octobercms octoberRange≤1.0.471

Source	Link
anisiosantos	www.anisiosantos.me/october-cms-token-reactivation
octobercms	www.octobercms.com/forum/chan/announcements
github	www.github.com/octobercms/library/commit/642f597489e6f644d4bd9a0c267e864cabead024

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

05 Feb 2021 14:15Current

CVSS26.8

CVSS39.8

EPSS0.01238

CWE-613