3 matches found
CVE-2021-25979
Apostrophe CMS versions prior to 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third party could not be locked out by those means. As a mitigation for older releases the user account...
CVE-2021-25979
Apostrophe CMS vulnerability CVE-2021-25979 affects versions 2.63.0 through 3.3.1, where the system does not invalidate existing login sessions when disabling a user or changing a password. This can allow a compromised device to maintain access after actions intended to lock out the user. The roo...
CVE-2021-25979 Apostrophe - Insufficient Session Expiration
Apostrophe CMS versions prior to 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third party could not be locked out by those means. As a mitigation for older releases the user account...