Session Fixation
zenml-io/zenml is vulnerable to session fixation. The vulnerability is due to JWT tokens used for user authentication not being invalidated upon logout, allowing an attacker to reuse a victim's JWT token to bypass authentication mechanisms...
PT-2024-11925 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak, affected versions not specified. Description: A flaw was found in Keycloak due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access...
keycloak: impersonation via logout token exchange
A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions...
zenml Session Fixation vulnerability
A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim's JWT token...
GHSA-G3R5-72HF-P7P2 zenml Session Fixation vulnerability
A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim's JWT token...
PYSEC-2024-254
A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim's JWT token...
CVE-2024-2260
A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim's JWT token...
CVE-2024-2260 Session Fixation Vulnerability in zenml-io/zenml
A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim's JWT token...
CVE-2024-23558
HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...
CVE-2024-23558
The CVE-2024-23558 entry concerns HCL DevOps Deploy / HCL Launch where logout does not invalidate the user session, enabling an authenticated user to impersonate another user on the system. Connected documents confirm the issue origin as a session invalidation failure after logout, with CVSS deta...
HCL Technologies HCL Launch security vulnerability
HCL Technologies HCL Launch is a versatile, enterprise-grade continuous delivery automation software from HCL Technologies, Inc. It is used to handle the most complex deployment processes in DevOps. A security vulnerability exists in HCL DevOps Deploy and HCL Launch that stems from not invalidati...
PT-2024-19939 · Hcl · Hcl Devops Deploy +1
Name of the Vulnerable Software and Affected Versions: HCL DevOps Deploy / HCL Launch, affected versions not specified. Description: The issue arises from the failure of HCL DevOps Deploy / HCL Launch to invalidate a user's session after they log out. This could potentially allow an authenticated...
CVE-2024-22358
IBM UrbanCode Deploy (UCD) and IBM DevOps Deploy are affected by CVE-2024-22358: upon logout, sessions are not invalidated, allowing an authenticated user to impersonate another user. Affected versions include UCD 7.0–7.0.5.20, 7.1–7.1.2.16, 7.2–7.2.3.9, 7.3–7.3.2.4 and DevOps Deploy 8.0–8.0.0.1....
IBM UrbanCode Deploy code issue vulnerability
IBM UrbanCode Deploy (UCD) is a set of application deployment automation tools from International Business Machines (IBM). The tool is based on an application deployment automation management information model and uses remote agent technology to handle complex applications in different...
PT-2024-24290 · WordPress · Aminur Islam Wp Login/Logout Redirect
Name of the Vulnerable Software and Affected Versions: Aminur Islam WP Login and Logout Redirect, versions 1.2 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that ...
WordPress WP Login and Logout Redirect Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Software: WP Login and Logout Redirect; Type: Plugin; Vulnerable versions: <= 1.2; Fixed in: 2.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-31927; Patch priority: Low; CVSS severity: Low (5.9); PSID: ef2bde5f4a22; Credits: Dhabaleshwar Das; Required...
Insufficient Session Expiration
Shopware is vulnerable to Insufficient Session Expiration. The vulnerability is caused by improper session management within LogoutRoute.php, specifically in the handling of authenticated logout requests to the /store-api/account/logout POST endpoint. This leads to the cart being cleared...
CVE-2024-31447
Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Starting in version 6.3.5.0 and prior to versions 6.6.1.0 and 6.5.8.8, when an authenticated request is made to POST /store-api/account/logout, the cart will be cleared, but the user won't be logged out. This affects only...
Shopware Improper Session Handling in store-api account logout
Impact: When an authenticated request is made to POST /store-api/account/logout, the cart will be cleared, but the user won't be logged out. This affects only the direct store-api usage, as the PHP Storefront additionally listens for CustomerLogoutEvent and invalidates the session additionally...
GHSA-5297-WRRP-RCJ7 Shopware Improper Session Handling in store-api account logout
Impact: When an authenticated request is made to POST /store-api/account/logout, the cart will be cleared, but the user won't be logged out. This affects only the direct store-api usage, as the PHP Storefront additionally listens for CustomerLogoutEvent and invalidates the session additionally...