2 matches found
CVE-2021-3113
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, a...
Session Information Disclosure Vulnerability
Session is a new type of encrypted private messenger open-sourced by Oxen. An information disclosure vulnerability exists in Netsia SEBA+ version 0.16.1 build 70-e669dcd7, which can be exploited by an attacker to discover a session cookie via a direct session list allActiveSession request...