3 matches found
CVE-2022-34624
Mealie1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to perform a man-in-the-middle attack via a crafted GET request...
CVE-2022-34624
creationtimestamp| type| source ---|---|--- 2022-08-19 18:17:23+00:00| seen| https://t.me/cibsecurity/48438...
CVE-2022-34624
CVE-2022-34624 affects Mealie 1.0.0beta3, where download tokens are not terminated after logout, enabling a man-in-the-middle via a crafted GET request. The NVD entry lists a CVSS 3.1 base score of 5.9 (MEDIUM) with NETWORK attack vector and HIGH confidentiality impact, and NO exploitation detail...