Common Weakness Enumeration

CWE-613

Allowed-with-Review

Insufficient Session Expiration

Abstraction: Base · Status: Incomplete

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

875 vulnerabilities reference this CWE, most recent first.

CVE-2023-5889 (GCVE-0-2023-5889)

Vulnerability from cvelistv5 – Published: 2023-11-01 00:00 – Updated: 2024-09-12 19:46
VLAI
Title
Insufficient Session Expiration in pkp/pkp-lib
Summary
Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-613 - Insufficient Session Expiration
Assigner
Impacted products
Vendor Product Version
pkp pkp/pkp-lib Affected: unspecified , < 3.3.0-16 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:14:24.634Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.com/bounties/fba2991a-1b8a-4c89-9689-d708526928e1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/pkp/pkp-lib/commit/32d071ef2090fc336bc17d56a86d1dff90c26f0b"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5889",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-05T19:47:37.415878Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T19:46:53.033Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "pkp/pkp-lib",
          "vendor": "pkp",
          "versions": [
            {
              "lessThan": "3.3.0-16",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-01T00:00:18.857Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/fba2991a-1b8a-4c89-9689-d708526928e1"
        },
        {
          "url": "https://github.com/pkp/pkp-lib/commit/32d071ef2090fc336bc17d56a86d1dff90c26f0b"
        }
      ],
      "source": {
        "advisory": "fba2991a-1b8a-4c89-9689-d708526928e1",
        "discovery": "EXTERNAL"
      },
      "title": "Insufficient Session Expiration in pkp/pkp-lib"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2023-5889",
    "datePublished": "2023-11-01T00:00:18.857Z",
    "dateReserved": "2023-11-01T00:00:06.287Z",
    "dateUpdated": "2024-09-12T19:46:53.033Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-5865 (GCVE-0-2023-5865)

Vulnerability from cvelistv5 – Published: 2023-10-31 00:00 – Updated: 2024-09-17 13:35
VLAI
Title
Insufficient Session Expiration in thorsten/phpmyfaq
Summary
Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-613 - Insufficient Session Expiration
Assigner
Impacted products
Vendor Product Version
thorsten thorsten/phpmyfaq Affected: unspecified , < 3.2.2 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:14:24.309Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.com/bounties/4c4b7395-d9fd-4ca0-98d7-2e20c1249aff"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/thorsten/phpmyfaq/commit/5f43786f52c3d517e7665abd25d534e180e08dc5"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5865",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-06T14:18:18.925983Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-17T13:35:48.990Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "thorsten/phpmyfaq",
          "vendor": "thorsten",
          "versions": [
            {
              "lessThan": "3.2.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-31T00:00:40.896Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/4c4b7395-d9fd-4ca0-98d7-2e20c1249aff"
        },
        {
          "url": "https://github.com/thorsten/phpmyfaq/commit/5f43786f52c3d517e7665abd25d534e180e08dc5"
        }
      ],
      "source": {
        "advisory": "4c4b7395-d9fd-4ca0-98d7-2e20c1249aff",
        "discovery": "EXTERNAL"
      },
      "title": "Insufficient Session Expiration in thorsten/phpmyfaq"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2023-5865",
    "datePublished": "2023-10-31T00:00:40.896Z",
    "dateReserved": "2023-10-31T00:00:36.972Z",
    "dateUpdated": "2024-09-17T13:35:48.990Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-5838 (GCVE-0-2023-5838)

Vulnerability from cvelistv5 – Published: 2023-10-29 00:00 – Updated: 2024-09-06 19:34
VLAI
Title
Insufficient Session Expiration in linkstackorg/linkstack
Summary
Insufficient Session Expiration in GitHub repository linkstackorg/linkstack prior to v4.2.9.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-613 - Insufficient Session Expiration
Assigner
Impacted products
Vendor Product Version
linkstackorg linkstackorg/linkstack Affected: unspecified , < v4.2.9 (custom)
Create a notification for this product.
linkstack linkstack Affected: 0 , < 4.2.9 (custom)
    cpe:2.3:a:linkstack:linkstack:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:14:24.168Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.com/bounties/8f6feca3-386d-4897-801c-39b9e3e5eb03"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/linkstackorg/linkstack/commit/02f620092255f07e1d0252a0190fd42ef773ba05"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:linkstack:linkstack:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linkstack",
            "vendor": "linkstack",
            "versions": [
              {
                "lessThan": "4.2.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5838",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-06T19:29:04.079027Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-06T19:34:28.078Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "linkstackorg/linkstack",
          "vendor": "linkstackorg",
          "versions": [
            {
              "lessThan": "v4.2.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient Session Expiration in GitHub repository linkstackorg/linkstack prior to v4.2.9."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-29T00:00:20.232Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/8f6feca3-386d-4897-801c-39b9e3e5eb03"
        },
        {
          "url": "https://github.com/linkstackorg/linkstack/commit/02f620092255f07e1d0252a0190fd42ef773ba05"
        }
      ],
      "source": {
        "advisory": "8f6feca3-386d-4897-801c-39b9e3e5eb03",
        "discovery": "EXTERNAL"
      },
      "title": "Insufficient Session Expiration in linkstackorg/linkstack"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2023-5838",
    "datePublished": "2023-10-29T00:00:20.232Z",
    "dateReserved": "2023-10-29T00:00:07.232Z",
    "dateUpdated": "2024-09-06T19:34:28.078Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-4320 (GCVE-0-2023-4320)

Vulnerability from cvelistv5 – Published: 2023-12-18 13:43 – Updated: 2025-11-20 18:27
VLAI
Title
Satellite: arithmetic overflow in satellite
Summary
An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-613 - Insufficient Session Expiration
Assigner
References
URL Tags
https://access.redhat.com/errata/RHSA-2024:2010 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-4320 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2231814 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat Satellite 6.15 for RHEL 8 Unaffected: 0:3.9.1.6-1.el8sat , < * (rpm)
    cpe:/a:redhat:satellite_utils:6.15::el8
    cpe:/a:redhat:satellite_capsule:6.15::el8
    cpe:/a:redhat:satellite:6.15::el8
    cpe:/a:redhat:satellite_maintenance:6.15::el8
Create a notification for this product.
Date Public
2023-08-14 09:03
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:24:04.665Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:2010",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2010"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-4320"
          },
          {
            "name": "RHBZ#2231814",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2231814"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4320",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-12-18T17:19:39.561521Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-17T15:12:24.156Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_utils:6.15::el8",
            "cpe:/a:redhat:satellite_capsule:6.15::el8",
            "cpe:/a:redhat:satellite:6.15::el8",
            "cpe:/a:redhat:satellite_maintenance:6.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.15 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.9.1.6-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_utils:6.15::el8",
            "cpe:/a:redhat:satellite_capsule:6.15::el8",
            "cpe:/a:redhat:satellite:6.15::el8",
            "cpe:/a:redhat:satellite_maintenance:6.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.15 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.9.1.6-1.el8sat",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:satellite_utils:6.15::el8",
            "cpe:/a:redhat:satellite_capsule:6.15::el8",
            "cpe:/a:redhat:satellite:6.15::el8",
            "cpe:/a:redhat:satellite_maintenance:6.15::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "foreman",
          "product": "Red Hat Satellite 6.15 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.9.1.6-1.el8sat",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "datePublic": "2023-08-14T09:03:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system\u0027s integrity."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T18:27:27.972Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:2010",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2010"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-4320"
        },
        {
          "name": "RHBZ#2231814",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2231814"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-08-14T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-08-14T09:03:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Satellite: arithmetic overflow in satellite",
      "x_redhatCweChain": "CWE-613: Insufficient Session Expiration"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-4320",
    "datePublished": "2023-12-18T13:43:07.747Z",
    "dateReserved": "2023-08-14T08:42:02.181Z",
    "dateUpdated": "2025-11-20T18:27:27.972Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-4190 (GCVE-0-2023-4190)

Vulnerability from cvelistv5 – Published: 2023-08-06 00:00 – Updated: 2024-10-09 18:21
VLAI
Title
Insufficient Session Expiration in admidio/admidio
Summary
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.2.11.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-613 - Insufficient Session Expiration
Assigner
Impacted products
Vendor Product Version
admidio admidio/admidio Affected: unspecified , < 4.2.11 (custom)
Create a notification for this product.
admidio admidio Affected: 0 , < 4.2.11 (custom)
    cpe:2.3:a:admidio:admidio:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:17:12.116Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/71bc75d2-320c-4332-ad11-9de535a06d92"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/admidio/admidio/commit/391fb2af5bee641837a58e7dd66ff76eac92bb74"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:admidio:admidio:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "admidio",
            "vendor": "admidio",
            "versions": [
              {
                "lessThan": "4.2.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4190",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-09T18:00:22.431655Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-09T18:21:42.840Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "admidio/admidio",
          "vendor": "admidio",
          "versions": [
            {
              "lessThan": "4.2.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.2.11."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-06T00:00:20.469Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/71bc75d2-320c-4332-ad11-9de535a06d92"
        },
        {
          "url": "https://github.com/admidio/admidio/commit/391fb2af5bee641837a58e7dd66ff76eac92bb74"
        }
      ],
      "source": {
        "advisory": "71bc75d2-320c-4332-ad11-9de535a06d92",
        "discovery": "EXTERNAL"
      },
      "title": "Insufficient Session Expiration in admidio/admidio"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2023-4190",
    "datePublished": "2023-08-06T00:00:20.469Z",
    "dateReserved": "2023-08-06T00:00:06.891Z",
    "dateUpdated": "2024-10-09T18:21:42.840Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-4126 (GCVE-0-2023-4126)

Vulnerability from cvelistv5 – Published: 2023-08-03 03:08 – Updated: 2024-10-10 20:16
VLAI
Title
Insufficient Session Expiration in answerdev/answer
Summary
Insufficient Session Expiration in GitHub repository answerdev/answer prior to v1.1.0.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-613 - Insufficient Session Expiration
Assigner
Impacted products
Vendor Product Version
answerdev answerdev/answer Affected: unspecified , < v1.1.0 (custom)
Create a notification for this product.
answer answer Affected: 0 , < 1.1.0 (custom)
    cpe:2.3:a:answer:answer:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:17:11.875Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/7f50bf1c-bcb9-46ca-8cec-211493d280c5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/answerdev/answer/commit/4f468b58d0dea51290bfbdd3e96332b0014c8730"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:answer:answer:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "answer",
            "vendor": "answer",
            "versions": [
              {
                "lessThan": "1.1.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4126",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T20:09:00.657564Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-10T20:16:50.358Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "answerdev/answer",
          "vendor": "answerdev",
          "versions": [
            {
              "lessThan": "v1.1.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient Session Expiration in GitHub repository answerdev/answer prior to v1.1.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-03T03:08:57.887Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/7f50bf1c-bcb9-46ca-8cec-211493d280c5"
        },
        {
          "url": "https://github.com/answerdev/answer/commit/4f468b58d0dea51290bfbdd3e96332b0014c8730"
        }
      ],
      "source": {
        "advisory": "7f50bf1c-bcb9-46ca-8cec-211493d280c5",
        "discovery": "EXTERNAL"
      },
      "title": "Insufficient Session Expiration in answerdev/answer"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2023-4126",
    "datePublished": "2023-08-03T03:08:57.887Z",
    "dateReserved": "2023-08-03T03:08:53.069Z",
    "dateUpdated": "2024-10-10T20:16:50.358Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-4005 (GCVE-0-2023-4005)

Vulnerability from cvelistv5 – Published: 2023-07-31 00:00 – Updated: 2024-10-11 19:42
VLAI
Title
Insufficient Session Expiration in fossbilling/fossbilling
Summary
Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-613 - Insufficient Session Expiration
Assigner
Impacted products
Vendor Product Version
fossbilling fossbilling/fossbilling Affected: unspecified , < 0.5.5 (custom)
Create a notification for this product.
fossbilling fossbilling Affected: 0 , < 0.5.5 (custom)
    cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:17:10.433Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/f0aacce1-79bc-4765-95f1-7e824433b9e4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/fossbilling/fossbilling/commit/20c23b051eb690cb4ae60a257f6bb46eb3aae2d1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fossbilling",
            "vendor": "fossbilling",
            "versions": [
              {
                "lessThan": "0.5.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4005",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-11T19:40:38.423757Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-11T19:42:51.262Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "fossbilling/fossbilling",
          "vendor": "fossbilling",
          "versions": [
            {
              "lessThan": "0.5.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-31T00:00:19.477Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/f0aacce1-79bc-4765-95f1-7e824433b9e4"
        },
        {
          "url": "https://github.com/fossbilling/fossbilling/commit/20c23b051eb690cb4ae60a257f6bb46eb3aae2d1"
        }
      ],
      "source": {
        "advisory": "f0aacce1-79bc-4765-95f1-7e824433b9e4",
        "discovery": "EXTERNAL"
      },
      "title": "Insufficient Session Expiration in fossbilling/fossbilling"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2023-4005",
    "datePublished": "2023-07-31T00:00:19.477Z",
    "dateReserved": "2023-07-31T00:00:06.708Z",
    "dateUpdated": "2024-10-11T19:42:51.262Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-1854 (GCVE-0-2023-1854)

Vulnerability from cvelistv5 – Published: 2023-04-05 07:40 – Updated: 2024-08-02 06:05
VLAI
Title
SourceCodester Online Graduate Tracer System session expiration
Summary
A vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate Tracer System 1.0. Affected is an unknown function of the file admin/. The manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-224994 is the identifier assigned to this vulnerability.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/?id.224994 vdb-entrytechnical-description
https://vuldb.com/?ctiid.224994 signaturepermissions-required
https://github.com/Jlan45/OGTSFCOIA/blob/main/una… exploit
Impacted products
Vendor Product Version
SourceCodester Online Graduate Tracer System Affected: 1.0
Create a notification for this product.
online_graduate_tracer_system_project online_graduate_tracer_system Affected: 1.0
    cpe:2.3:a:online_graduate_tracer_system_project:online_graduate_tracer_system:1.0:*:*:*:*:*:*:*
Create a notification for this product.
Credits
J1an (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:online_graduate_tracer_system_project:online_graduate_tracer_system:1.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "online_graduate_tracer_system",
            "vendor": "online_graduate_tracer_system_project",
            "versions": [
              {
                "status": "affected",
                "version": "1.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-1854",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-18T18:19:27.995972Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-22T20:56:17.331Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:05:26.779Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.224994"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.224994"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/Jlan45/OGTSFCOIA/blob/main/unauthorizedaccess.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Online Graduate Tracer System",
          "vendor": "SourceCodester",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "analyst",
          "value": "J1an (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate Tracer System 1.0. Affected is an unknown function of the file admin/. The manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-224994 is the identifier assigned to this vulnerability."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in SourceCodester Online Graduate Tracer System 1.0 gefunden. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei admin/. Dank der Manipulation mit unbekannten Daten kann eine session expiration-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.8,
            "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-21T17:04:36.445Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.224994"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.224994"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/Jlan45/OGTSFCOIA/blob/main/unauthorizedaccess.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-04-05T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-04-05T00:00:00.000Z",
          "value": "CVE reserved"
        },
        {
          "lang": "en",
          "time": "2023-04-05T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2023-04-22T15:39:29.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "SourceCodester Online Graduate Tracer System session expiration"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2023-1854",
    "datePublished": "2023-04-05T07:40:17.090Z",
    "dateReserved": "2023-04-05T05:53:26.523Z",
    "dateUpdated": "2024-08-02T06:05:26.779Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-1788 (GCVE-0-2023-1788)

Vulnerability from cvelistv5 – Published: 2023-04-05 00:00 – Updated: 2025-02-10 20:41
VLAI
Title
Insufficient Session Expiration in firefly-iii/firefly-iii
Summary
Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-613 - Insufficient Session Expiration
Assigner
Impacted products
Vendor Product Version
firefly-iii firefly-iii/firefly-iii Affected: unspecified , < 6 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:57:25.078Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/79323c9e-e0e5-48ef-bd19-d0b09587ccb2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/firefly-iii/firefly-iii/commit/68f398f97cbe1870fc098d8460bf903b9c3fab30"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-1788",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-10T20:41:29.808114Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-10T20:41:33.690Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "firefly-iii/firefly-iii",
          "vendor": "firefly-iii",
          "versions": [
            {
              "lessThan": "6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-05T00:00:00.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/79323c9e-e0e5-48ef-bd19-d0b09587ccb2"
        },
        {
          "url": "https://github.com/firefly-iii/firefly-iii/commit/68f398f97cbe1870fc098d8460bf903b9c3fab30"
        }
      ],
      "source": {
        "advisory": "79323c9e-e0e5-48ef-bd19-d0b09587ccb2",
        "discovery": "EXTERNAL"
      },
      "title": "Insufficient Session Expiration in firefly-iii/firefly-iii"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2023-1788",
    "datePublished": "2023-04-05T00:00:00.000Z",
    "dateReserved": "2023-04-01T00:00:00.000Z",
    "dateUpdated": "2025-02-10T20:41:33.690Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-1543 (GCVE-0-2023-1543)

Vulnerability from cvelistv5 – Published: 2023-03-21 00:00 – Updated: 2025-02-26 18:33
VLAI
Title
Insufficient Session Expiration in answerdev/answer
Summary
Insufficient Session Expiration in GitHub repository answerdev/answer prior to 1.0.6.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-613 - Insufficient Session Expiration
Assigner
Impacted products
Vendor Product Version
answerdev answerdev/answer Affected: unspecified , < 1.0.6 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:49:11.683Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/f82388d6-dfc3-4fbc-bea6-eb40cf5b2683"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/answerdev/answer/commit/cd742b75605c99776f32d271c0a60e0f468e181c"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-1543",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T18:33:35.947021Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-26T18:33:45.462Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "answerdev/answer",
          "vendor": "answerdev",
          "versions": [
            {
              "lessThan": "1.0.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient Session Expiration in GitHub repository answerdev/answer prior to 1.0.6."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-21T00:00:00.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/f82388d6-dfc3-4fbc-bea6-eb40cf5b2683"
        },
        {
          "url": "https://github.com/answerdev/answer/commit/cd742b75605c99776f32d271c0a60e0f468e181c"
        }
      ],
      "source": {
        "advisory": "f82388d6-dfc3-4fbc-bea6-eb40cf5b2683",
        "discovery": "EXTERNAL"
      },
      "title": "Insufficient Session Expiration in answerdev/answer"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2023-1543",
    "datePublished": "2023-03-21T00:00:00.000Z",
    "dateReserved": "2023-03-21T00:00:00.000Z",
    "dateUpdated": "2025-02-26T18:33:45.462Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Implementation

Set sessions/credentials expiration date.

No CAPEC attack patterns related to this CWE.