2360 matches found
PT-2024-18908
Name of the Vulnerable Software and Affected Versions github.com/greenpau/caddy-security affected versions not specified Description The issue is related to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid ev...
spring-security: Empty SecurityContext Is Not Properly Saved Upon Logout
A flaw was found in Spring Security. In affected versions of Spring Security, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. Th...
CVE-2024-23319
Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message...
Cross-site request forgery (CSRF)
Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message...
CVE-2024-23319 CSRF issue allows disconnecting a user's Jira connection through a simple post message (Jira Plugin)
Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message...
CVE-2024-23319
Affected software: Mattermost Jira Plugin. Vulnerability details: The plugin fails to protect against logout CSRF, allowing an attacker to disconnect a user’s Jira connection in Mattermost by simply viewing a crafted message. The issue lies in inadequate CSRF protection for logout-related actions...
CVE-2023-45187 IBM Engineering Lifecycle Optimization - Publishing session fixation
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749...
Mattermost Cross-Site Request Forgery Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a cross-site request forgery vulnerability that stems from the Jira plugin's inability to prevent logout CSRF, which can be exploited by an attacker to post a specially crafted...
IBM Engineering Lifecycle Optimization Code Issue Vulnerability
IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from International Business Machines IBM. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that...
PT-2024-19806 · Mattermost · Mattermost Jira Plugin
Name of the Vulnerable Software and Affected Versions: Mattermost Jira Plugin affected versions not specified Description: The Mattermost Jira Plugin fails to protect against logout CSRF, allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in...
PT-2024-13219 · Ibm · Ibm Engineering Lifecycle Optimization - Publishing
Name of the Vulnerable Software and Affected Versions: IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 through 7.0.3 Description: The issue allows an authenticated user to impersonate another user on the system due to the failure to invalidate session after logout...
CVE-2023-50941
IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. IBM X-Force ID: 275131...
Session fixation
IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. IBM X-Force ID: 275131...
CVE-2023-50936
IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 275116...
CVE-2023-50941 IBM PowerSC session fixation
IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. IBM X-Force ID: 275131...
IBM PowerSC Code Issue Vulnerability
IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. A session fixation vulnerability exists in IBM PowerSC, which stems from a failure to disable a session after logging out, and can be exploited by an attacker to impersonate anoth...
IBM PowerSC Authorization Issue Vulnerability
IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. IBM PowerSC suffers from a session fixation vulnerability that stems from the failure to provide logout functionality, which could be exploited by an attacker to gain access to...
PT-2024-14023 · Ibm · Ibm Powersc
Name of the Vulnerable Software and Affected Versions: IBM PowerSC versions 1.3 through 2.1 Description: The issue is related to the lack of logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. Recommendations: For IBM PowerS...