3 matches found
CVE-2024-25718
In the Samly package before 1.4.0 for Elixir, Samly.State.Store.getassertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry...
CVE-2024-25718
creationtimestamp| type| source ---|---|--- 2024-02-11 06:26:51+00:00| seen| https://t.me/ctinow/182692 2024-02-13 02:13:03+00:00| seen| https://t.me/arpsyndicate/3513...
CVE-2024-25718
The CVE-2024-25718 issue affects the Samly package for Elixir prior to 1.4.0. The vulnerability stems from Samly.State.Store.get_assertion/3 returning an expired session, and Samly.AuthHandler caching that session so it is not replaced after expiry, potentially bypassing access controls. Affected...