Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:38011
HistoryNov 16, 2022 - 3:15 a.m.

Improper Session Management

2022-11-1603:15:21
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
rdiffweb
vulnerability
improper session management
session tokens
password change
users

EPSS

0.002

Percentile

57.1%

JSON

rdiffweb is vulnerable to Improper Session Management. The vulnerability exists because the library does not invalidate all the session tokens for a user on a password change, resulting in users logged in with the old password to continue being logged in.

Related

nvd 1
cve 1
osv 3
cvelist 1
github 1
huntr 1
prion 1
nvd
nvd
CVE-2022-3362
2022-11-14 21:15:16
cve
cve
CVE-2022-3362
2022-11-14 21:15:16
osv
osv
rdiffweb vulnerable to Insufficient Session Expiration
2022-11-15 12:00:17
PYSEC-2022-43000
2022-11-14 21:15:00
CVE-2022-3362
2022-11-14 21:15:16
cvelist
cvelist
CVE-2022-3362 Insufficient Session Expiration in ikus060/rdiffweb
2022-11-14 00:00:00
github
github
rdiffweb vulnerable to Insufficient Session Expiration
2022-11-15 12:00:17
huntr
huntr
Session does not expire on password reset
2022-09-29 19:00:03
prion
prion
Session fixation
2022-11-14 21:15:00

EPSS

0.002

Percentile

57.1%

JSON
Related for VERACODE:38011
nvd1cve1osv3cvelist1github1huntr1prion1