CVE-2024-31556

MEDIUM6.5EPSS 0.08%

Reportico Web fails to invalidate cookies upon logout

發布日:2024/5/14修改日:2024/7/5

描述

An issue in Reportico Web before v.8.1.0. This vulnerability arises from the failure of the web application to properly invalidate session cookies upon logout. When a user logs out of the application, the session cookie should be invalidated to prevent unauthorized access. However, due to the oversight in the application's implementation, the session cookie remains active even after logout. Consequently, if an attacker obtains the session cookie, they can exploit it to access the user's session and perform unauthorized actions.

受影響套件(1)

Packagist/reportico-web/reporticofrom 0, <= 8.1.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-31556
PATCHhttps://github.com/reportico-web/reportico
WEBhttps://github.com/reportico-web/reportico/issues/53