Lucene search
+L

28 matches found

redhatcve
redhatcve
added 2025/09/10 9:17 p.m.9 views

CVE-2025-57766

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, admin UI user password changes in Fides do not invalidate active user sessions, creating a vulnerability chaining opportunity where attackers who have obtained session tokens through other attack vectors such as XSS ca...

6.3CVSS6.8AI score0.00275EPSS
Exploits1References1
github
github
added 2025/09/08 8:5 p.m.11 views

Fides' Admin UI User Password Change Does Not Invalidate Current Session

Summary Admin UI user password changes in Fides do not invalidate active user sessions, creating a vulnerability chaining opportunity where attackers who have obtained session tokens through other attack vectors such as XSS can maintain access even after password reset. This issue is not directly...

6.3CVSS6.2AI score0.00275EPSS
Exploits1References5Affected Software1
ptsecurity
ptsecurity
added 2025/09/05 12:0 a.m.6 views

PT-2025-36626

Summary Insecure session handling opened room for a privilege escalation scenario in which prebuilt workspaces could be compromised by abusing a shared system identity. Details Coder automatically generates a session token for a user when a workspace is started. It is automatically exposed via...

8.1CVSS7.7AI score
Exploits0References9
redhatcve
redhatcve
added 2025/05/22 6:57 p.m.24 views

CVE-2021-26921

In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled...

6.5CVSS6.7AI score0.01271EPSS
Exploits0References1
cvelist
cvelist
added 2025/02/11 3:14 p.m.20 views

CVE-2025-24896 Misskey allows token to remain valid in cookie after signing out

Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, a login token named token is stored in a cookie for authentication purposes in Bull Dashboard, but this remains undeleted even after logout is performed. The primary...

8.1CVSS0.00577EPSS
Exploits0References2
cnvd
cnvd
added 2024/07/25 12:0 a.m.3 views

Unspecified Vulnerability in JetBrains TeamCity

JetBrains TeamCity is a Continuous Integration CI/CD tool that is primarily used to automate the software build, test, and deployment process. A security vulnerability exists in JetBrains TeamCity that can be exploited by an attacker to cause access tokens to continue to work after they have been...

9.8CVSS6.9AI score0.00404EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2021/02/09 12:0 a.m.5 views

PT-2021-17177 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 1.8.4 Description: The issue arises from the fact that tokens remain active even after the associated user account has been disabled. This is due to a problem in the util/session/sessionmanager.go file...

6.5CVSS6.8AI score0.01271EPSS
Exploits0References9
osv
osv
added 2020/04/28 7:15 p.m.5 views

CVE-2020-9482

If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging ou...

6.5CVSS6.5AI score0.02607EPSS
Exploits0References1
Rows per page
Query Builder