PYSEC-2021-341

2021-08-1618:15:00

Google

osv.dev

0.005 Low

EPSS

Percentile

76.9%

JSON

Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user’s authentication token upon logout, which allows for replaying packets.

CPENameOperatorVersion
lin-cmseq0.1.1b1
lin-cmseq0.3.1
lin-cmseq0.4.5
lin-cmseq0.1.1a8
lin-cmseq0.1.1a6
lin-cmseq0.1.1b4
lin-cmseq0.3.0a5
lin-cmseq0.1.1a7
lin-cmseq0.4.8
lin-cmseq0.3.0a6

Name	Operator	Version
lin-cms	eq	0.1.1b1
lin-cms	eq	0.3.1
lin-cms	eq	0.4.5
lin-cms	eq	0.1.1a8
lin-cms	eq	0.1.1a6
lin-cms	eq	0.1.1b4
lin-cms	eq	0.3.0a5
lin-cms	eq	0.1.1a7
lin-cms	eq	0.4.8
lin-cms	eq	0.3.0a6

Rows per page:

1-10 of 351

References

github.com/TaleLin/lin-cms-flask/issues/30

0.005 Low

EPSS

Percentile

76.9%

JSON

Related for OSV:PYSEC-2021-341