Lucene search
GoogleOSV:GHSA-438X-2P9V-G8H9HistoryMay 24, 2022 - 10:28 p.m.
Camaleon CMS Insufficient Session Expiration vulnerability
2022-05-2422:28:10
Google
osv.dev
8
camaleon cms
insufficient session expiration
vulnerability fix
software
EPSS
0.002
Percentile
59.5%
Camaleon CMS 0.1.7 through 2.6.0 doesn’t terminate the active session of the users, even after the admin changes the user’s password. A user that was already logged in, will still have access to the application even after the password was changed. Resolved in commit 77e31bc6cdde7c951fba104aebcd5ebb3f02b030 which is included in the 2.6.0.1 release.
References
github.com/owen2345/camaleon-cms
github.com/owen2345/camaleon-cms/commit/77e31bc6cdde7c951fba104aebcd5ebb3f02b030
github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2021-25970.yml
nvd.nist.gov/vuln/detail/CVE-2021-25970
www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25970
Related
rubygems
rubygems
Camaleon CMS Insufficient Session Expiration vulnerability
2022-05-23 21:00:00
osv
osv
CVE-2021-25970
2021-10-20 12:15:07
veracode
veracode
Session Fixation
2021-10-21 02:45:49
prion
prion
Default credentials
2021-10-20 12:15:00
nvd
nvd
CVE-2021-25970
2021-10-20 12:15:07
cvelist
cvelist
cve
cve
CVE-2021-25970
2021-10-20 12:15:07
github
github
Camaleon CMS Insufficient Session Expiration vulnerability
2022-05-24 22:28:10