CVE-2020-18701

Description

Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets.

How to fix CVE-2020-18701

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• PyPI/lin-cms—no fix listed

Is CVE-2020-18701 being exploited?

Low — EPSS is 1.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0

References (1)

• REPORTgithub.com/TaleLin/lin-cms-flask/issues/30