CVE Vulnerabilities

CVE-2022-25590

Insufficient Session Expiration

Published: Mar 25, 2022 | Modified: Mar 31, 2022
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

SurveyKing v0.2.0 was discovered to retain users session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the application.

Weakness

According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”

Affected Software

Name Vendor Start Version End Version
Surveyking Surveyking 0.2.0 0.2.0

Potential Mitigations

References