CVE-2024-31447
Shopware 6 contains an improper session handling issue in the store-api logout path. For versions 6.3.5.0 up to but not including 6.6.1.0 and 6.5.8.8, an authenticated POST to /store-api/account/logout clears the cart but does not log the user out. The issue is limited to direct store-api usage; ...
CVE-2024-31447 Shopware has Improper Session Handling in store-api
Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Starting in version 6.3.5.0 and prior to versions 6.6.1.0 and 6.5.8.8, when an authenticated request is made to POST /store-api/account/logout, the cart will be cleared, but the user won't be logged out. This affects only...
Shopware Security Vulnerability
Shopware is a suite of open source e-commerce software from the German company Shopware. A security vulnerability exists in Shopware 6 that stems from the fact that when an authenticated request is made to POST /store-api/account/logout (CustomerLogoutEvent), the shopping cart is cleared but the use...
PT-2024-24081 · Shopware · Shopware 6
Name of the Vulnerable Software and Affected Versions: Shopware 6 versions from 6.3.5.0 before 6.6.1.0 and before 6.5.8.8, which can be simplified to: Shopware 6 versions 6.3.5.0 up to 6.6.0.x and versions 6.5.0 through 6.5.8.7 Description: Shopware 6 is an open commerce platform based on Symfony Framewor...
GO-2024-2539 Cross-site request forgery via logout button in github.com/mattermost/mattermost-plugin-jira
Cross-site request forgery via logout button in github.com/mattermost/mattermost-plugin-jira...
PT-2024-21073 · Avsystem · Avsystem Unified Management Platform
Name of the Vulnerable Software and Affected Versions: AVSystem Unified Management Platform UMP version 23.07.0.16567LTS Description: An open redirect in the Login/Logout functionality of web management could allow attackers to redirect authenticated users to malicious websites. Recommendations:...
CVE-2024-25657
An open redirect in the Login/Logout functionality of web management in AVSystem Unified Management Platform UMP 23.07.0.16567LTS could allow attackers to redirect authenticated users to malicious websites...
AVSystem Unified Management Platform Security Vulnerability
AVSystem Unified Management Platform is a comprehensive management platform from AVSystem designed to help enterprises, service providers and carriers manage and monitor their network devices, Internet of Things (IoT) devices and services. A security vulnerability exists in AVSystem Unified...
CVE-2024-1623
Insufficient session timeout vulnerability in the FAST3686 V2 Vodafone router from Sagemcom. This vulnerability could allow a local attacker to access the administration panel without requiring login credentials. This vulnerability is possible because the Login.asp and logout.asp files do not...
Shopware's session is persistent in Cache for 404 pages
Impact: The Symfony session handler pops the session cookie and assigns it to the response. Since Shopware 6.5.8.0, 404 pages are cached to improve their performance, so the cached response contains a session cookie whenever the browser that first accessed the 404 page had no cookies yet. The...
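The mechanism in the entry above, as an added example that is not Shopware's or Symfony's code: a toy page cache in front of a framework whose session middleware attaches a fresh session cookie to any response for a visitor who has none yet. Cached verbatim, a 404 page hands the first visitor's session id to every later visitor of the same URL. The names, the single fix shown (strip Set-Cookie from the stored copy) and the sample requests are assumptions for illustration.

```python
# Added example (not Shopware's or Symfony's code): a cached 404 page
# that carries a per-visitor Set-Cookie header, and a cache that strips it.
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Response:
    status: int
    headers: Dict[str, str]
    body: str


def render_404(request_cookie: Optional[str]) -> Response:
    """Simulated framework behaviour: the session layer mints a cookie on
    the response whenever the request arrived without one, 404 or not."""
    headers = {"Content-Type": "text/html"}
    if request_cookie is None:
        headers["Set-Cookie"] = f"session={secrets.token_hex(8)}; Path=/; HttpOnly"
    return Response(404, headers, "not found")


class PageCache:
    """Full-page cache keyed on path only, as a 404 cache typically is."""

    def __init__(self, strip_set_cookie: bool):
        self.strip_set_cookie = strip_set_cookie
        self._store: Dict[str, Response] = {}

    def fetch(self, path: str, request_cookie: Optional[str]) -> Response:
        hit = self._store.get(path)
        if hit is not None:
            return hit                      # every later visitor gets this copy
        resp = render_404(request_cookie)
        to_cache = resp
        if self.strip_set_cookie:
            # Fix: Set-Cookie is per-visitor state, never shared content, so the
            # stored copy must not carry it.  The first visitor still receives
            # the original response, cookie included.
            headers = {k: v for k, v in resp.headers.items() if k.lower() != "set-cookie"}
            to_cache = Response(resp.status, headers, resp.body)
        self._store[path] = to_cache
        return resp


def session_leaks_to_second_visitor(cache: PageCache) -> bool:
    """Two cookie-less browsers request the same missing URL (constructed
    sample traffic): does the second get the Set-Cookie minted for the first?"""
    first = cache.fetch("/no-such-page", None)
    second = cache.fetch("/no-such-page", None)
    c1 = first.headers.get("Set-Cookie")
    c2 = second.headers.get("Set-Cookie")
    return c1 is not None and c1 == c2
```

With the shared cookie, two unrelated browsers hold the same server-side session, which is the session-sharing/fixation condition the advisory describes. Stripping the header from the stored copy is one fix; the alternative is to never cache a response that carries Set-Cookie at all, or to stop the session layer from starting a session on pages that do not need one.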
BIT-MATTERMOST-2024-23319
Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message...
BIT-JUPYTERHUB-2021-41247 incomplete logout in JupyterHub
JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions, users who have multiple JupyterLab tabs open in the same browser session may see incomplete logout from the single-user server, as fresh credentials (for the single-user server only, not the Hub) are reinstated...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a NULL pointer dereference during tty device deregistration...
IBM PowerSC Session Fixation Vulnerability
IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. IBM PowerSC suffers from a session fixation vulnerability that stems from the failure to provide logout functionality, which could be exploited by an attacker to gain access to...
PT-2024-13342 · Discourse · Discourse-Microsoft-Auth
Name of the Vulnerable Software and Affected Versions: discourse-microsoft-auth plugin, affected versions not specified Description: The discourse-microsoft-auth plugin enables authentication via Microsoft. On sites with this plugin enabled, an attacker can potentially take control of a victim's...
GHSA-VP66-GF7W-9M4X Insufficient Session Expiration in github.com/greenpau/caddy-security
All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers w...
CVE-2024-21492
All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers w...
Session fixation
All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers w...
CVE-2024-21492
CVE-2024-21492 affects github.com/greenpau/caddy-security. All versions are reported vulnerable to Insufficient Session Expiration due to improper user session invalidation after Sign Out, allowing sessions to remain active after requests to /logout and /oauth2/google/logout and enabling actions ...
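The Shopware store-api logout entries (cart cleared, session kept), the caddy-security entries (session still valid after /logout) and the Mattermost Jira plugin logout-CSRF entries all describe the same handler-level mistakes. The following is an added example, not code from any of those projects: a toy server-side session store with a logout handler written the vulnerable way next to a hardened one, and the two checks a tester would run against either. The origin, the field names and the sample sessions are hypothetical.

```python
# Added example (not code from Shopware, caddy-security or Mattermost): a
# logout that only touches per-user state and accepts any method, beside one
# that destroys the session record and defends against logout CSRF.
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

SITE_ORIGIN = "https://shop.example"   # assumed origin of the application


@dataclass
class Session:
    user: str
    cart: List[str] = field(default_factory=list)
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(16))


@dataclass
class Request:
    method: str
    cookie: Optional[str]                       # session id presented by the client
    form: Dict[str, str] = field(default_factory=dict)
    origin: Optional[str] = None                # Origin header, if the browser sent one


SESSIONS: Dict[str, Session] = {}               # server-side session store


def login(user: str) -> str:
    """Create a session and return the cookie value the client will hold."""
    sid = secrets.token_urlsafe(24)
    SESSIONS[sid] = Session(user=user, cart=["sku-1"])
    return sid


def current_user(cookie: Optional[str]) -> Optional[str]:
    s = SESSIONS.get(cookie) if cookie else None
    return s.user if s else None


def logout_vulnerable(req: Request) -> int:
    """Pattern from the entries above: per-user state (the cart) is cleared,
    but the record that carries the login survives, so the old cookie keeps
    working; GET is accepted, so a cross-site <img src=...> can trigger it."""
    s = SESSIONS.get(req.cookie) if req.cookie else None
    if s is None:
        return 401
    s.cart.clear()
    return 200


def logout_hardened(req: Request) -> int:
    s = SESSIONS.get(req.cookie) if req.cookie else None
    if s is None:
        return 401
    # Logout CSRF defence: state changes only via POST carrying the session's
    # own token, and never from a foreign Origin.
    if req.method != "POST":
        return 405
    if req.origin is not None and req.origin != SITE_ORIGIN:
        return 403
    if not secrets.compare_digest(req.form.get("csrf", ""), s.csrf_token):
        return 403
    # The actual logout: destroy the server-side record.  Clearing fields or
    # only expiring the cookie in the browser would leave the id replayable.
    del SESSIONS[req.cookie]
    return 200


def old_cookie_dead_after_logout(handler: Callable[[Request], int]) -> bool:
    """Check 1: log in, log out legitimately, then replay the pre-logout cookie."""
    sid = login("alice")
    token = SESSIONS[sid].csrf_token
    assert handler(Request("POST", sid, {"csrf": token}, SITE_ORIGIN)) == 200
    return current_user(sid) is None


def cross_site_get_status(handler: Callable[[Request], int]) -> int:
    """Check 2: a GET with no token from another origin, as an <img> on an
    attacker page would send it (the browser attaches the victim's cookie)."""
    sid = login("bob")
    return handler(Request("GET", sid, {}, "https://attacker.example"))
```

Against a real target, check 1 is the test that catches the Shopware and caddy-security class of bug: capture the session cookie or token before logout, call the logout endpoint, then replay the old credential against an authenticated endpoint and expect a 401. Check 2 catches the Mattermost class: a logout that can be reached by a cross-site GET or an untokened POST is a CSRF target. Framework stacks that only clear client-side cookies or rotate the id without deleting the server record fail check 1 in the same way.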