Lucene search
+L

7 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:29 p.m.10 views

CVE-2021-3311

An issue was discovered in October through build 471. It reactivates an old session ID which had been invalid after a logout once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an...

9.8CVSS7AI score0.02903EPSS
Exploits1References1
OSV
OSV
added 2021/02/10 2:32 a.m.108 views

GHSA-7GGW-H8PP-R95R October CMS Session ID not invalidated after logout

Impact When logging out, the session ID was not invalidated. This is not a problem while the user is logged out, but as soon as the user logs back in the old session ID would be valid again; which means that anyone that gained access to the old session cookie would be able to act as the logged in...

9.8CVSS9.5AI score0.02903EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2021/02/10 2:32 a.m.86 views

October CMS Session ID not invalidated after logout

Impact When logging out, the session ID was not invalidated. This is not a problem while the user is logged out, but as soon as the user logs back in the old session ID would be valid again; which means that anyone that gained access to the old session cookie would be able to act as the logged in...

9.8CVSS8.9AI score0.02903EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2021/02/05 2:15 p.m.28 views

CVE-2021-3311

An issue was discovered in October through build 471. It reactivates an old session ID which had been invalid after a logout once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an...

9.8CVSS0.02903EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2021/02/05 2:15 p.m.2 views

CVE-2021-3311

An issue was discovered in October through build 471. It reactivates an old session ID which had been invalid after a logout once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an...

9.8CVSS7.3AI score0.02903EPSS
Exploits1References4
Cvelist
Cvelist
added 2021/02/05 4:47 a.m.35 views

CVE-2021-3311

An issue was discovered in October through build 471. It reactivates an old session ID which had been invalid after a logout once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an...

9.8AI score0.02903EPSS
Exploits1References3
CVE
CVE
added 2021/02/05 4:47 a.m.79 views

CVE-2021-3311

Affected software: October CMS (core / Auth/Manager.php authentication flow). Vulnerability: session management flaw where an old session ID, invalid after logout, can be reactivated on a new login, effectively allowing reuse of a previously valid session ID. Root cause: improper invalidation of ...

9.8CVSS9.5AI score0.02903EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder