CVE-2025-4754 Missing Session Revocation on Logout in ash_authentication_phoenix

Insufficient Session Expiration vulnerability in ash-project ashauthenticationphoenix allows Session Hijacking. This vulnerability is associated with program files lib/ashauthenticationphoenix/controller.ex. This issue affects ashauthenticationphoenix until 2.10.0...

CVE-2025-4754 Missing Session Revocation on Logout in ash_authentication_phoenix

Insufficient Session Expiration vulnerability in ash-project ashauthenticationphoenix allows Session Hijacking. This vulnerability is associated with program files lib/ashauthenticationphoenix/controller.ex. This issue affects ashauthenticationphoenix until 2.10.0...

EEF-CVE-2025-4754 Missing Session Revocation on Logout in ash_authentication_phoenix

Summary Insufficient Session Expiration vulnerability in ash-project ashauthenticationphoenix allows Session Hijacking. This vulnerability is associated with program files lib/ashauthenticationphoenix/controller.ex. This issue affects ashauthenticationphoenix until 2.10.0...

Ash Authentication Phoenix 代码问题漏洞

Ash Authentication Phoenix is an Alembic open source that provides plug-in authentication support for Phoenix applications using AshAuthentication. A security vulnerability exists in Ash Authentication Phoenix version 2.10.0 and earlier that stems from insufficient session expiration and could le...

PT-2025-25659 · Ash · Ash Authentication Phoenix

Name of the Vulnerable Software and Affected Versions: ash-project ash authentication phoenix versions prior to 2.10.0 Description: The issue affects the ash authentication phoenix library, where session tokens remain valid on the server after a user logs out. This creates a security gap where...