Lucene search
Veracode Vulnerability DatabaseVERACODE:46881HistoryMay 14, 2024 - 3:57 a.m.
Insufficient Session Token Expiration
2024-05-1403:57:39
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
directus
vulnerability
session tokens
expiration
software
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
AI Score
7
Confidence
High
EPSS
0
Percentile
9.0%
directus is vulnerable to Insufficient Session Token Expiration. This vulnerability is due to improperly invalidating session tokens upon logout, resulting in them remaining valid until their expiration time of one day.
Related
cve
cve
CVE-2024-34709
2024-05-14 15:39:31
github
github
Directus Lacks Session Tokens Invalidation
2024-05-13 19:59:39
nvd
nvd
CVE-2024-34709
2024-05-14 15:39:31
cvelist
cvelist
CVE-2024-34709 Directus Lacks Session Tokens Invalidation
2024-05-13 19:39:32
vulnrichment
vulnrichment
CVE-2024-34709 Directus Lacks Session Tokens Invalidation
2024-05-13 19:39:32
osv
osv
CVE-2024-34709
2024-05-14 15:39:31
Directus Lacks Session Tokens Invalidation
2024-05-13 19:59:39
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
AI Score
7
Confidence
High
EPSS
0
Percentile
9.0%
Related for VERACODE:46881