Lucene search
GoogleOSV:GHSA-35W3-6QHC-474VHistoryMar 29, 2024 - 8:16 p.m.
@workos-inc/authkit-nextjs session replay vulnerability
2024-03-2920:16:00
Google
osv.dev
6
session replay
expired session
header control
security patch
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
5.2 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%
Impact
A user can reuse an expired session by controlling the x-workos-session header.
Patches
Patched in https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2
| CPE | Name | Operator | Version |
|---|---|---|---|
| @workos-inc/authkit-nextjs | lt | 0.4.2 |
Related
veracode
veracode
Session Fixation
2024-04-01 03:29:57
nvd
nvd
CVE-2024-29901
2024-03-29 16:15:08
osv
osv
CVE-2024-29901
2024-03-29 16:15:08
cvelist
cvelist
CVE-2024-29901 @workos-inc/authkit-nextjs session replay vulnerability
2024-03-29 15:23:02
cve
cve
CVE-2024-29901
2024-03-29 16:15:08
github
github
@workos-inc/authkit-nextjs session replay vulnerability
2024-03-29 20:16:00
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
5.2 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%
Related for OSV:GHSA-35W3-6QHC-474V