Lucene search
K

74 matches found

Vulnrichment
Vulnrichment
added 2025/06/17 2:31 p.m.2 views

CVE-2025-4754 Missing Session Revocation on Logout in ash_authentication_phoenix

Insufficient Session Expiration vulnerability in ash-project ashauthenticationphoenix allows Session Hijacking. This vulnerability is associated with program files lib/ashauthenticationphoenix/controller.ex. This issue affects ashauthenticationphoenix until 2.10.0...

2.3CVSS6.6AI score0.00402EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/06/17 2:31 p.m.11 views

CVE-2025-4754 Missing Session Revocation on Logout in ash_authentication_phoenix

Insufficient Session Expiration vulnerability in ash-project ashauthenticationphoenix allows Session Hijacking. This vulnerability is associated with program files lib/ashauthenticationphoenix/controller.ex. This issue affects ashauthenticationphoenix until 2.10.0...

2.3CVSS0.00402EPSS
Exploits0References5
CVE
CVE
added 2025/06/17 2:31 p.m.21 views

CVE-2025-4754

CVE-2025-4754 describes an Insufficient Session Expiration vulnerability in ash_authentication_phoenix (ash-project) that enables session hijacking. Affected component: lib/ash_authentication_phoenix/controller.ex; affected until version 2.10.0. Reported impact includes tokens remaining valid aft...

2.3CVSS6.6AI score0.00402EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 12:26 a.m.5 views

CVE-2022-47406

An issue was discovered in the fechangepwd aka Change password for frontend users extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed...

9.8CVSS6.9AI score0.00441EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:9 p.m.9 views

CVE-2020-13307

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not revoking current user sessions when 2 factor authentication was activated allowing a malicious user to maintain their access...

6CVSS6.6AI score0.01009EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 5:0 p.m.9 views

CVE-2020-13302

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Under certain conditions GitLab was not properly revoking user sessions and allowed a malicious user to access a user account with an old password...

7.2CVSS6.3AI score0.01132EPSS
Exploits0
NVD
NVD
added 2025/03/28 3:15 p.m.11 views

CVE-2025-29928

authentik is an open-source identity provider. Prior to versions 2024.12.4 and 2025.2.3, when authentik was configured to use the database for session storage which is a non-default setting, deleting sessions via the Web Interface or the API would not revoke the session and the session holder wou...

8CVSS0.00364EPSS
Exploits0References2
OSV
OSV
added 2025/03/28 2:42 p.m.17 views

CVE-2025-29928 authentik's deletion of sessions did not revoke sessions when using database session storage

authentik is an open-source identity provider. Prior to versions 2024.12.4 and 2025.2.3, when authentik was configured to use the database for session storage which is a non-default setting, deleting sessions via the Web Interface or the API would not revoke the session and the session holder wou...

8CVSS6.6AI score0.00364EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/05/17 12:0 a.m.23 views

GitLab 7.11 < 13.1.10 / 13.2 < 13.2.8 / 13.3 < 13.3.4 (CVE-2020-13302)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Under certain conditions GitLab was not properly revoking user sessions and allowed a malicious user to access a us...

7.2CVSS7.1AI score0.01132EPSS
Exploits0References4
OSV
OSV
added 2024/03/06 11:22 a.m.29 views

BIT-GITLAB-2020-13307

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not revoking current user sessions when 2 factor authentication was activated allowing a malicious user to maintain their access...

6CVSS4.7AI score0.01009EPSS
Exploits0References4
OSV
OSV
added 2022/12/14 9:15 p.m.18 views

CVE-2022-47406

An issue was discovered in the fechangepwd aka Change password for frontend users extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed...

9.8CVSS9.6AI score
Exploits0References1
Prion
Prion
added 2022/12/14 9:15 p.m.11 views

Default credentials

An issue was discovered in the fechangepwd aka Change password for frontend users extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed...

7.5CVSS9.5AI score0.00441EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2022/12/14 8:15 a.m.33 views

CVE-2022-23502

TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both...

5.4CVSS6.1AI score0.004EPSS
Exploits0References2
Prion
Prion
added 2022/12/14 8:15 a.m.13 views

Default credentials

TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both...

5.5CVSS5.8AI score0.004EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/12/14 7:34 a.m.119 views

CVE-2022-23502

TYPO3 contains an Insufficient Session Expiration after Password Reset vulnerability (CVE-2022-23502). The issue affects TYPO3 core versions prior to 10.4.33, 11.5.20, and 12.1.1, where password-reset sessions for a user account were not revoked for both frontend and backend sessions. The vulnera...

5.4CVSS5.8AI score0.004EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/14 7:34 a.m.6 views

CVE-2022-23502 TYPO3 contains Insufficient Session Expiration after Password Reset

TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both...

5.4CVSS5.5AI score0.004EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/12/14 12:0 a.m.4 views

TYPO3 代码问题漏洞

TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 fechangepwd that stems from the extension's inability to revoke an existing session for the current user when the password is changed...

9.8CVSS8.2AI score0.00441EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/12/14 12:0 a.m.16 views

PT-2022-28056 · Typo3 · Fe Change Pwd

Name of the Vulnerable Software and Affected Versions: fe change pwd extension versions 2.0.5 and earlier, 3.x versions prior to 3.0.3 Description: An issue was discovered in the fe change pwd extension for TYPO3, where the extension fails to revoke existing sessions for the current user when the...

9.8CVSS7.3AI score0.00441EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2022/12/13 12:0 a.m.5 views

PT-2022-16035 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 10.4.33 TYPO3 versions prior to 11.5.20 TYPO3 versions prior to 12.1.1 Description: The issue concerns the password recovery functionality in TYPO3, an open source PHP based web content management system. When users...

5.4CVSS5.5AI score0.004EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2022/12/13 12:0 a.m.25 views

TYPO3 10.0.0 < 10.4.33 / 11.0.0 < 11.5.20 / 12.0.0 < 12.1.1 (TYPO3-CORE-SA-2022-014)

The version of TYPO3 installed on the remote host is prior to 10.0.0 10.4.33 / 11.0.0 11.5.20 / 12.0.0 12.1.1. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2022-014 advisory. - When users reset their password using the corresponding password recovery...

5.4CVSS5.7AI score0.004EPSS
Exploits0References2
Rows per page
Query Builder