grumpydictator/firefly-iii is vulnerable to Insufficient Session Expiration. The vulnerability exists due to improper session configurations in session.php
which allows an authenticated remote attacker to reuse session tokens because they do not expire after log out.
CPE | Name | Operator | Version |
---|---|---|---|
grumpydictator/firefly-iii | le | v6.0.0-beta.2 | |
grumpydictator/firefly-iii | le | v6.0.0-beta.2 |