Veracode Vulnerability DatabaseVERACODE:46401Insufficient Session Expiration
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
6.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.5%
@digitalbazaar/zcap is vulnerable to Insufficient Session Expiration. This vulnerability is due to improper validation of the expires property when invoking a capability with a chain depth of 2, allowing invocations outside the intended period.
| CPE | Name | Operator | Version |
|---|---|---|---|
| @digitalbazaar/zcap | le | 9.0.0 | |
| @digitalbazaar/zcap | le | 9.0.0 |
References
github.com/advisories/GHSA-hp8h-7x69-4wmv
github.com/digitalbazaar/zcap/commit/261eea040109b6e25159c88d8ed49d3c37f8fcfe
github.com/digitalbazaar/zcap/commit/55f8549c80124b85dfb0f3dcf83f2c63f42532e5
github.com/digitalbazaar/zcap/pull/82
github.com/digitalbazaar/zcap/security/advisories/GHSA-hp8h-7x69-4wmv
Related
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
6.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.5%