2 matches found
CVE-2021-25940 ArangoDB - Insufficient Session Expiration after Password Change
In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration. When a user’s password is changed by the administrator, the session isn’t invalidated, allowing a malicious user to still be logged in and perform arbitrary actions within the system...
CVE-2021-25940
CVE-2021-25940 affects ArangoDB v3.7.6–v3.8.3. The issue is Insufficient Session Expiration : when an administrator changes a user’s password, the session is not invalidated, allowing a non-privileged user who is already authenticated to remain logged in and perform arbitrary actions. The provide...