CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
43.4%
Cosmos-server is vulnerable to Insufficient Session Expiration. The vulnerability is due to the authorization header (Jwttoken) used for user login remaining valid and not expiring after log out. This allows an attacker to use the token to gain unauthorized access to the application/system even after the user has logged out.