7 matches found
CVE-2021-26921
In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled...
CVE-2024-46892
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application does not properly invalidate sessions when the associated user is deleted or disabled or their permissions are modified. This could allow an authenticated attacker to continue performing...
CVE-2024-46892
CVE-2024-46892 affects Siemens SINEC INS (versions earlier than V1.0 SP2 Update 3). The issue is improper session invalidation: when a user is deleted, disabled, or has permissions changed, the system may allow the attacker’s authenticated session to remain active and perform actions post-change....
CVE-2024-46892
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application does not properly invalidate sessions when the associated user is deleted or disabled or their permissions are modified. This could allow an authenticated attacker to continue performing...
CVE-2021-26921
In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled...
Code injection
In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled...
CVE-2021-26921
In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled...