21 matches found
CVE-2025-4754
CVE-2025-4754 describes an Insufficient Session Expiration vulnerability in ash_authentication_phoenix (ash-project) that enables session hijacking. Affected component: lib/ash_authentication_phoenix/controller.ex; affected until version 2.10.0. Reported impact includes tokens remaining valid aft...
CVE-2025-4754 Missing Session Revocation on Logout in ash_authentication_phoenix
Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. This vulnerability is associated with program files lib/ash_authentication_phoenix/controller.ex. This issue affects ash_authentication_phoenix until 2.10.0...
EEF-CVE-2025-4754 Missing Session Revocation on Logout in ash_authentication_phoenix
Summary: Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. This vulnerability is associated with program files lib/ash_authentication_phoenix/controller.ex. This issue affects ash_authentication_phoenix until 2.10.0...
CVE-2025-4754 Missing Session Revocation on Logout in ash_authentication_phoenix
Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. This vulnerability is associated with program files lib/ash_authentication_phoenix/controller.ex. This issue affects ash_authentication_phoenix until 2.10.0...
Ash Authentication Phoenix Code Issue Vulnerability
Ash Authentication Phoenix is an open-source library from Alembic that provides plug-in authentication support for Phoenix applications using AshAuthentication. A security vulnerability exists in Ash Authentication Phoenix version 2.10.0 and earlier that stems from insufficient session expiration and could le...
PT-2025-25659 · Ash · Ash Authentication Phoenix
Name of the Vulnerable Software and Affected Versions: ash-project ash authentication phoenix versions prior to 2.10.0 Description: The issue affects the ash authentication phoenix library, where session tokens remain valid on the server after a user logs out. This creates a security gap where...
CVE-2025-32782
Ash Authentication provides authentication for the Ash framework. The confirmation flow for account creation currently uses a GET request triggered by clicking a link sent via email. Some email clients and security tools e.g., Outlook, virus scanners, and email previewers may automatically follow...
CVE-2025-32782
Ash Authentication provides authentication for the Ash framework. The confirmation flow for account creation currently uses a GET request triggered by clicking a link sent via email. Some email clients and security tools e.g., Outlook, virus scanners, and email previewers may automatically follow...
CVE-2025-32782 Ash Authentication email link auto-click account confirmation vulnerability
Ash Authentication provides authentication for the Ash framework. The confirmation flow for account creation currently uses a GET request triggered by clicking a link sent via email. Some email clients and security tools e.g., Outlook, virus scanners, and email previewers may automatically follow...
CVE-2025-32782
CVE-2025-32782 affects Ash Authentication (Ash framework). The vulnerability stems from the account-creation confirmation flow, which uses a GET request triggered by clicking an email link. Some email clients and security tools may auto-follow the link, unintentionally confirming the new account ...
CVE-2025-32782 Ash Authentication email link auto-click account confirmation vulnerability
Ash Authentication provides authentication for the Ash framework. The confirmation flow for account creation currently uses a GET request triggered by clicking a link sent via email. Some email clients and security tools e.g., Outlook, virus scanners, and email previewers may automatically follow...
CVE-2025-32782 Ash Authentication email link auto-click account confirmation vulnerability
Ash Authentication provides authentication for the Ash framework. The confirmation flow for account creation currently uses a GET request triggered by clicking a link sent via email. Some email clients and security tools e.g., Outlook, virus scanners, and email previewers may automatically follow...
Ash Authentication Access Control Error Vulnerability
Ash Authentication is an Ash authentication framework open-sourced by Alembic. An access control error vulnerability exists in Ash Authentication versions prior to 4.7.0 that originates in the GET request validation process and could lead to automatic account validation...
PT-2025-16540 · Unknown · Ashauthentication
Name of the Vulnerable Software and Affected Versions: Ash Authentication versions prior to 4.7.0 Description: The confirmation flow for account creation in Ash Authentication uses a GET request triggered by clicking a link sent via email. Some email clients and security tools may automatically...
CVE-2025-25202
Ash Authentication is an authentication framework for Elixir applications. Applications which have been bootstrapped by the igniter installer present since AshAuthentication v4.1.0 and who have used the magic link strategy or are manually revoking tokens are affected by revoked tokens being allow...
CVE-2025-25202
Ash Authentication is an authentication framework for Elixir applications. Applications which have been bootstrapped by the igniter installer present since AshAuthentication v4.1.0 and who have used the magic link strategy or are manually revoking tokens are affected by revoked tokens being allow...
CVE-2025-25202 Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install`
Ash Authentication is an authentication framework for Elixir applications. Applications which have been bootstrapped by the igniter installer present since AshAuthentication v4.1.0 and who have used the magic link strategy or are manually revoking tokens are affected by revoked tokens being allow...
CVE-2025-25202 Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install`
Ash Authentication is an authentication framework for Elixir applications. Applications which have been bootstrapped by the igniter installer present since AshAuthentication v4.1.0 and who have used the magic link strategy or are manually revoking tokens are affected by revoked tokens being allow...
CVE-2025-25202
CVE-2025-25202 affects Ash Authentication (Elixir) in installations bootstrapped with the igniter installer from v4.1.0 up to but not including v4.4.9. The issue is that magic link tokens—as well as tokens revoked manually—could be verified as valid even after revocation, effectively making magic...
CVE-2025-25202 Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install`
Ash Authentication is an authentication framework for Elixir applications. Applications which have been bootstrapped by the igniter installer present since AshAuthentication v4.1.0 and who have used the magic link strategy or are manually revoking tokens are affected by revoked tokens being allow...