CVSS2: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 7 High (Confidence: High)
EPSS: 0.002 Low (Percentile: 64.7%)

Security researcher Ali Razzaq has discovered that existing sessions are not correctly invalidated when a user changes their password in the backend or frontend.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | contao/core | lt | 3.5.39 |
| | contao/core-bundle | lt | 4.7.3 |
| | contao/core-bundle | lt | 4.4.37 |
| | contao/contao | lt | 4.7.3 |
| | contao/contao | lt | 4.4.37 |

contao.org/en/news/security-vulnerability-cve-2019-10641.html
github.com/advisories/GHSA-vcgg-hp4r-87gx
github.com/contao/contao/commit/74c7dfafa0dfa5363a9463b486522d5d526e28fe
github.com/contao/contao/commit/b92e27bc7c9e59226077937f840c74ffd0f672e8
github.com/contao/core/commit/119a1b5bd9e62d27ca2838727084d04f3b7fcd32
github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2019-10641.yaml
github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2019-10641.yaml
github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2019-10641.yaml
nvd.nist.gov/vuln/detail/CVE-2019-10641