Lucene search

Veracode Vulnerability DatabaseVERACODE:44080

HistoryNov 01, 2023 - 3:57 a.m.

Insufficient Session Expiration

2023-11-0103:57:18

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

insufficient session expiration

vulnerable

permission change

authenticated attacker

old session id

user account

unauthorized actions

software

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.6%

JSON

thorsten/phpmyfaq is vulnerable to Insufficient Session Expiration. The vulnerability occur when a users permission changes allowing an authenticated attacker to reuse an old session ID to access a user’s account, even after the user has logged out which allows the attacker to perform unauthorised actions.

CPENameOperatorVersion
thorsten/phpmyfaqle3.2.1
thorsten/phpmyfaqle3.2.1

CPE	Name	Operator	Version
	thorsten/phpmyfaq	le	3.2.1
	thorsten/phpmyfaq	le	3.2.1

References

github.com/advisories/GHSA-f728-prhw-2g68

github.com/thorsten/phpmyfaq/commit/5f43786f52c3d517e7665abd25d534e180e08dc5

huntr.com/bounties/4c4b7395-d9fd-4ca0-98d7-2e20c1249aff

huntr.com/bounties/4c4b7395-d9fd-4ca0-98d7-2e20c1249aff/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.6%

JSON

Related for VERACODE:44080