2360 matches found

CNNVD
added 2023/10/19 12:00 a.m. · 2 views

HCL Technologies Compass Code Issue Vulnerability

HCL Technologies Compass is a low-code change management software from HCL Technologies, USA. It manages the full range of testing activities and integrates with developer tools. HCL Technologies Compass suffers from an Access Control Error vulnerability that stems from the application not disablin...

CVSS 7.1 · AI score 6.6 · EPSS 0.00292
Exploits: 0 · References: 2
Positive Technologies
added 2023/10/19 12:00 a.m. · 3 views

PT-2023-29705 · Unknown +1 · Archivebox +1

Name of the Vulnerable Software and Affected Versions: ArchiveBox affected versions not specified Description: The issue affects users of the wget extractor who view the content it outputs. If a user is logged in to the ArchiveBox admin site in the same browser session and views an archived...

CVSS 7.4 · AI score 5.4 · EPSS 0.00422
Exploits: 1 · References: 18
Huntr
added 2023/10/13 6:39 a.m. · 46 views

Cross-Site Request Forgery Vulnerability in Logout Functionality

Description Logout CSRF is a security vulnerability where an attacker forces a user to unknowingly log out of their session by tricking them into triggering a logout request through a malicious website or link. GET http://localhost:8080/logout Proof of Concept history.pushState'', '', '/'...

CVSS 6.8 · AI score 6.9 · EPSS 0.00318
Exploits: 1 · References: 1
OSV
added 2023/10/10 1:15 p.m. · 3 views

CVE-2023-40537

An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.1 · AI score 5.8
Exploits: 0 · References: 1
Positive Technologies
added 2023/10/10 12:00 a.m. · 3 views

PT-2023-6399 · F5 · Big-Ip

Name of the Vulnerable Software and Affected Versions: BIG-IP affected versions not specified Description: The issue is related to an incorrect session expiration time, allowing an authenticated user's session cookie to remain valid for a limited time after logging out from the BIG-IP Configurati...

CVSS 8.1 · AI score 7.8 · EPSS 0.00457
Exploits: 0 · References: 7
Huntr
added 2023/10/06 7:24 a.m. · 28 views

Cross-Site Request Forgery Vulnerability in Logout Functionality

Description Logout CSRF is a security vulnerability where an attacker forces a user to unknowingly log out of their session by tricking them into triggering a logout request through a malicious website or link. The csrftoken for the logout interface is invalid, it is recommended to change it to...

CVSS 6.8 · AI score 6.9 · EPSS 0.00428
Exploits: 1 · References: 1
Patchstack
added 2023/09/26 12:00 a.m. · 9 views

WordPress Inactive Logout Plugin <= 3.2.2 is vulnerable to Broken Access Control

Software: Inactive Logout · Type: Plugin · Vulnerable versions: <= 3.2.2 · Fixed in: 3.2.3 · OWASP Top 10: A1: Broken Access Control · Classification: Broken Access Control · CVE: CVE-2023-44142 · Patch priority: Low · CVSS severity: Low (5.4) · PSID: 006870242fb0 · Credits: Elliot · Required privilege...

AI score 6.9 · EPSS 0.00476
Exploits: 0 · References: 2 · Affected Software: 1
Snyk
added 2023/09/18 1:49 p.m. · 2 views

Insufficient Session Expiration

Overview github.com/greenpau/caddy-security is a Security App and Plugin for Caddy v2. Affected versions of this package are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after requests...

CVSS 8.1 · AI score 7 · EPSS 0.00711
Exploits: 1 · References: 2
OSV
added 2023/09/12 5:15 p.m. · 2 views

CVE-2023-29463

The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users' session data and/or log users out of their session...

CVSS 5.4 · AI score 5.8 · EPSS 0.00777
Exploits: 0 · References: 1
OSV
added 2023/09/12 10:15 a.m. · 1 view

CVE-2023-40732

A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application does not invalidate the session token on logout. This could allow an attacker to perform session hijacking attacks...

CVSS 3.9 · AI score 5.7 · EPSS 0.00144
Exploits: 0 · References: 1
CNNVD
added 2023/09/12 12:00 a.m. · 4 views

Red Hat 3scale API Management Platform Security Vulnerability

Red Hat 3scale API Management Platform is an API management infrastructure platform from Red Hat. It enables rapid API sharing, protection, distribution, control, and monetization. A security vulnerability exists in Red Hat 3scale API Management Platform, which originates from a user logging out...

CVSS 5.5 · AI score 6.9 · EPSS 0.00212
Exploits: 0 · References: 4
CNNVD
added 2023/09/12 12:00 a.m. · 4 views

Siemens QMS Automotive Code Issue Vulnerability

Siemens QMS Automotive is a quality management system for the automotive industry from Siemens, Germany. A code issue vulnerability exists in Siemens QMS Automotive, which stems from the affected application's QMS.Mobile module not invalidating session tokens upon logout. An attacker could exploi...

CVSS 3.9 · AI score 6.9 · EPSS 0.00144
Exploits: 0 · References: 3
CNNVD
added 2023/09/12 12:00 a.m. · 5 views

Rockwell Automation Pavilion8 Authorization Issue Vulnerability

Rockwell Automation Pavilion8 is a model prediction console from Rockwell Automation. Rockwell Automation Pavilion8 suffers from an authorization issue vulnerability that stems from the fact that the JMX Console is publicly available to users and does not require authentication. An attacker could...

CVSS 8.8 · AI score 6.8 · EPSS 0.00777
Exploits: 0 · References: 4
Positive Technologies
added 2023/09/12 12:00 a.m. · 5 views

PT-2023-5466 · Red Hat · 3Scale Admin Portal

Name of the Vulnerable Software and Affected Versions: 3Scale Admin Portal affected versions not specified Description: A flaw was found in 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the...

CVSS 5.5 · AI score 5.1 · EPSS 0.00212
Exploits: 0 · References: 9
Vulnrichment
added 2023/08/30 9:3 p.m. · 22 views

CVE-2023-41041 User session is still usable after logout in graylog2-server

Graylog is a free and open log management platform. In a multi-node Graylog cluster, after a user has explicitly logged out, a user session may still be used for API requests until it has reached its original expiry time. Each node maintains an in-memory cache of user sessions. Upon a cache-miss,...

CVSS 2.6 · AI score 6.7 · EPSS 0.00411
Exploits: 1 · References: 2
Citrix
added 2023/08/28 12:00 a.m. · 9 views

How to Recognize NetScaler Gateway User Login and Logout Entries in ns.log

This article introduces how to locate gateway login and logout records in ns.log to monitor authentication success/failure for each user...

AI score 7.3
Exploits: 0
CVE
added 2023/08/23 8:15 p.m. · 75 views

CVE-2023-40178

Node-SAML CVE-2023-40178 is a functional issue in validatePostRequestAsync that allows LogoutRequest XML to be reused beyond NotOnOrAfter due to missing current-timestamp checks. Root cause: absence of timestamp validity checks in the LogoutRequest validation flow (e.g., validatePostRequestAsync/...

CVSS 5.3 · AI score 5 · EPSS 0.00398
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2023/08/23 4:15 p.m. · 19 views

CVE-2023-40273

The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database for database session backen...

CVSS 8 · AI score 7.1
Exploits: 0 · References: 3
CNNVD
added 2023/08/23 12:00 a.m. · 3 views

node-saml Code Issue Vulnerability

node-saml is a SAML library that does not depend on any framework running in Node.js. A code issue vulnerability exists in Node-SAML versions prior to 4.0.5 that stems from not checking the current timestamp, and LogoutRequest XML can be reused multiple times...

CVSS 5.3 · AI score 5.7 · EPSS 0.00398
Exploits: 0 · References: 4
Positive Technologies
added 2023/08/21 12:00 a.m. · 3 views

PT-2023-27307 · Node-Saml · Node-Saml

Name of the Vulnerable Software and Affected Versions: Node-SAML versions prior to 4.0.5 Description: The lack of checking of the current timestamp allows a LogoutRequest XML to be reused multiple times even when the current time is past the NotOnOrAfter. This could impact the user where they wou...

CVSS 5.3 · AI score 5 · EPSS 0.00398
Exploits: 0 · References: 8