74 matches found
CVE-2025-4754 Missing Session Revocation on Logout in ash_authentication_phoenix
Insufficient Session Expiration vulnerability in ash-project ashauthenticationphoenix allows Session Hijacking. This vulnerability is associated with program files lib/ashauthenticationphoenix/controller.ex. This issue affects ashauthenticationphoenix until 2.10.0...
CVE-2025-4754 Missing Session Revocation on Logout in ash_authentication_phoenix
Insufficient Session Expiration vulnerability in ash-project ashauthenticationphoenix allows Session Hijacking. This vulnerability is associated with program files lib/ashauthenticationphoenix/controller.ex. This issue affects ashauthenticationphoenix until 2.10.0...
CVE-2025-4754
CVE-2025-4754 describes an Insufficient Session Expiration vulnerability in ash_authentication_phoenix (ash-project) that enables session hijacking. Affected component: lib/ash_authentication_phoenix/controller.ex; affected until version 2.10.0. Reported impact includes tokens remaining valid aft...
CVE-2022-47406
An issue was discovered in the fechangepwd aka Change password for frontend users extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed...
CVE-2020-13307
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not revoking current user sessions when 2 factor authentication was activated allowing a malicious user to maintain their access...
CVE-2020-13302
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Under certain conditions GitLab was not properly revoking user sessions and allowed a malicious user to access a user account with an old password...
CVE-2025-29928
authentik is an open-source identity provider. Prior to versions 2024.12.4 and 2025.2.3, when authentik was configured to use the database for session storage which is a non-default setting, deleting sessions via the Web Interface or the API would not revoke the session and the session holder wou...
CVE-2025-29928 authentik's deletion of sessions did not revoke sessions when using database session storage
authentik is an open-source identity provider. Prior to versions 2024.12.4 and 2025.2.3, when authentik was configured to use the database for session storage which is a non-default setting, deleting sessions via the Web Interface or the API would not revoke the session and the session holder wou...
GitLab 7.11 < 13.1.10 / 13.2 < 13.2.8 / 13.3 < 13.3.4 (CVE-2020-13302)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Under certain conditions GitLab was not properly revoking user sessions and allowed a malicious user to access a us...
BIT-GITLAB-2020-13307
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not revoking current user sessions when 2 factor authentication was activated allowing a malicious user to maintain their access...
CVE-2022-47406
An issue was discovered in the fechangepwd aka Change password for frontend users extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed...
Default credentials
An issue was discovered in the fechangepwd aka Change password for frontend users extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed...
CVE-2022-23502
TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both...
Default credentials
TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both...
CVE-2022-23502
TYPO3 contains an Insufficient Session Expiration after Password Reset vulnerability (CVE-2022-23502). The issue affects TYPO3 core versions prior to 10.4.33, 11.5.20, and 12.1.1, where password-reset sessions for a user account were not revoked for both frontend and backend sessions. The vulnera...
CVE-2022-23502 TYPO3 contains Insufficient Session Expiration after Password Reset
TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both...
TYPO3 代码问题漏洞
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 fechangepwd that stems from the extension's inability to revoke an existing session for the current user when the password is changed...
PT-2022-28056 · Typo3 · Fe Change Pwd
Name of the Vulnerable Software and Affected Versions: fe change pwd extension versions 2.0.5 and earlier, 3.x versions prior to 3.0.3 Description: An issue was discovered in the fe change pwd extension for TYPO3, where the extension fails to revoke existing sessions for the current user when the...
PT-2022-16035 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 10.4.33 TYPO3 versions prior to 11.5.20 TYPO3 versions prior to 12.1.1 Description: The issue concerns the password recovery functionality in TYPO3, an open source PHP based web content management system. When users...
TYPO3 10.0.0 < 10.4.33 / 11.0.0 < 11.5.20 / 12.0.0 < 12.1.1 (TYPO3-CORE-SA-2022-014)
The version of TYPO3 installed on the remote host is prior to 10.0.0 10.4.33 / 11.0.0 11.5.20 / 12.0.0 12.1.1. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2022-014 advisory. - When users reset their password using the corresponding password recovery...