Veracode Vulnerability Database: VERACODE:48384
History: Aug 06, 2024 - 7:45 a.m.

Insufficient Session Expiration

2024-08-06 07:45:13
sca.analysiscenter.veracode.com
apache_airflow_providers_fab
vulnerability
improper session management
logout
attackers
user sessions
account

CVSS3: 9.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 6.7
Confidence: High

EPSS: 0.003
Percentile: 71.1%

apache_airflow_providers_fab is vulnerable to Insufficient Session Expiration. The vulnerability is due to improper session management, which fails to terminate user sessions upon logout, allowing attackers to continue accessing a user’s session or account.
