CVE-2022-2064 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2022-2064

CWE

https://cwe.mitre.org/data/definitions/613.html

Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to 0.91.7+.

Weakness

According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”

Affected Software

Name	Vendor	Start Version	End Version
Nocodb	Xgenecloud	*	0.91.7 (excluding)

Potential Mitigations

References

https://github.com/nocodb/nocodb/commit/c9b5111b25aea2781e19395a8e9107ddbd235a2b
https://huntr.dev/bounties/39523d51-fc5c-48b8-a082-171da79761bb