Lucene search
PRIOn knowledge basePRION:CVE-2021-25979HistoryNov 08, 2021 - 3:15 p.m.
Session fixation
2021-11-0815:15:00
PRIOn knowledge base
www.prio-n.com
5
Apostrophe CMS versions prior to 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third party could not be locked out by those means. As a mitigation for older releases the user account in question can be archived (3.x) or moved to the trash (2.x and earlier) which does disable the existing session.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apostrophecms | ge | 2.63.0 | |
| apostrophecms | lt | 3.3.1 |
Related
cve
cve
CVE-2021-25979
2021-11-08 15:15:07
cvelist
cvelist
CVE-2021-25979 Apostrophe - Insufficient Session Expiration
2021-11-08 14:20:11
nvd
nvd
CVE-2021-25979
2021-11-08 15:15:07
osv
osv
CVE-2021-25979
2021-11-08 15:15:07
Apostrophe CMS Insufficient Session Expiration vulnerability
2021-11-10 17:02:44
cnvd
cnvd
Apostrophe licensing issue vulnerability
2021-11-10 00:00:00
github
github
Apostrophe CMS Insufficient Session Expiration vulnerability
2021-11-10 17:02:44
veracode
veracode
Insecure Session Management
2021-11-09 02:39:54