CVE Vulnerabilities

CVE-2022-25590

Insufficient Session Expiration

Published: Mar 25, 2022 | Modified: Nov 21, 2024
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

SurveyKing v0.2.0 was discovered to retain users session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the application.

Weakness

According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”

Affected Software

Name Vendor Start Version End Version
Surveyking Surveyking 0.2.0 (including) 0.2.0 (including)

Potential Mitigations

References