CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
EPSS
Percentile: 54.1%
getkirby/cms is vulnerable to Insufficient Session Expiration. The vulnerability exists because web sessions are not properly expired, which permits an attacker to reuse old session credentials or session IDs for authorization.
github.com/getkirby/kirby/commit/21620cbb9bac3ea5ae2522ef16621e2ae4aa17a3
github.com/getkirby/kirby/commit/7a0a2014c69fdb925ea02f30e7793bb50115e931
github.com/getkirby/kirby/commit/a9bf7de5dc0a6b61ddcbcbf3b9fcb3d3fbc457f6
github.com/getkirby/kirby/commit/b32b66ab12185bb9596da66cc6f8d688b53f142c
github.com/getkirby/kirby/commit/dc9b10547d07fa36e750f595c9a9e22bb1df8786
github.com/getkirby/kirby/releases/tag/3.5.8.3
github.com/getkirby/kirby/releases/tag/3.6.6.3
github.com/getkirby/kirby/releases/tag/3.7.5.2
github.com/getkirby/kirby/releases/tag/3.8.4.1
github.com/getkirby/kirby/releases/tag/3.9.6
github.com/getkirby/kirby/security/advisories/GHSA-5mvj-rvp8-rf45