Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:19 a.m.9 views

CVE-2023-42446

Pow is a authentication and user management solution for Phoenix and Plug-based apps. Starting in version 1.0.14 and prior to version 1.0.34, use of Pow.Store.Backend.MnesiaCache is susceptible to session hijacking as expired keys are not being invalidated correctly on startup. A session may expi...

6.5CVSS7.1AI score0.00453EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2023/09/18 9:29 p.m.16 views

CVE-2023-42446 Pow Mnesia cache doesn't invalidate all expired keys on startup

Pow is a authentication and user management solution for Phoenix and Plug-based apps. Starting in version 1.0.14 and prior to version 1.0.34, use of Pow.Store.Backend.MnesiaCache is susceptible to session hijacking as expired keys are not being invalidated correctly on startup. A session may expi...

6.5CVSS7.1AI score0.00453EPSS
Exploits1References2
OSV
OSV
added 2023/09/18 9:29 p.m.24 views

CVE-2023-42446 Pow Mnesia cache doesn't invalidate all expired keys on startup

Pow is a authentication and user management solution for Phoenix and Plug-based apps. Starting in version 1.0.14 and prior to version 1.0.34, use of Pow.Store.Backend.MnesiaCache is susceptible to session hijacking as expired keys are not being invalidated correctly on startup. A session may expi...

6.5CVSS6.6AI score0.00453EPSS
Exploits1References4
CVE
CVE
added 2023/09/18 9:29 p.m.48 views

CVE-2023-42446

Pow is a Phoenix/Plug authentication library. CVE-2023-42446 affects Pow.Store.Backend.MnesiaCache in versions 1.0.14 up to, but not including, 1.0.34, where expired keys are not correctly invalidated on startup, allowing potential session hijacking if all MnesiaCache instances are down past a se...

6.5CVSS6.6AI score0.00453EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder