Lucene search
Veracode Vulnerability DatabaseVERACODE:40108HistoryApr 11, 2023 - 10:09 a.m.
Insufficient Session Expiration
2023-04-1110:09:37
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
insufficient session expiration
vulnerability
improper session configurations
remote attacker
session tokens
log out
0.002 Low
EPSS
Percentile
56.2%
grumpydictator/firefly-iii is vulnerable to Insufficient Session Expiration. The vulnerability exists due to improper session configurations in session.php which allows an authenticated remote attacker to reuse session tokens because they do not expire after log out.
| CPE | Name | Operator | Version |
|---|---|---|---|
| grumpydictator/firefly-iii | le | v6.0.0-beta.2 | |
| grumpydictator/firefly-iii | le | v6.0.0-beta.2 |
Related
osv
osv
CVE-2023-1788
2023-04-05 16:15:07
Firefly III insufficiently expires sessions
2023-04-05 18:30:18
nvd
nvd
CVE-2023-1788
2023-04-05 16:15:07
cve
cve
CVE-2023-1788
2023-04-05 16:15:07
cvelist
cvelist
CVE-2023-1788 Insufficient Session Expiration in firefly-iii/firefly-iii
2023-04-05 00:00:00
github
github
Firefly III insufficiently expires sessions
2023-04-05 18:30:18
huntr
huntr
Insufficient Session Expiration
2023-02-19 10:33:42
prion
prion
Session fixation
2023-04-05 16:15:00