Lucene search
GoogleOSV:GHSA-9J9M-8WJC-FF96HistoryNov 10, 2021 - 5:02 p.m.
Apostrophe CMS Insufficient Session Expiration vulnerability
2021-11-1017:02:44
Google
osv.dev
11
0.005 Low
EPSS
Percentile
75.6%
Apostrophe CMS versions between 2.63.0 to 3.3.1 affected by an insufficient session expiration vulnerability, which allows unauthenticated remote attackers to hijack recently logged-in users’ sessions. As a mitigation for older releases the user account in question can be archived (3.x) or moved to the trash (2.x and earlier) which does disable the existing session.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apostrophe | lt | 3.4.0 | |
| apostrophe | ge | 2.63.0 |
Related
cve
cve
CVE-2021-25979
2021-11-08 15:15:07
cvelist
cvelist
CVE-2021-25979 Apostrophe - Insufficient Session Expiration
2021-11-08 14:20:11
nvd
nvd
CVE-2021-25979
2021-11-08 15:15:07
osv
osv
CVE-2021-25979
2021-11-08 15:15:07
veracode
veracode
Insecure Session Management
2021-11-09 02:39:54
prion
prion
Session fixation
2021-11-08 15:15:00
cnvd
cnvd
Apostrophe licensing issue vulnerability
2021-11-10 00:00:00
github
github
Apostrophe CMS Insufficient Session Expiration vulnerability
2021-11-10 17:02:44