CVE-2023-4005 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-4005

CWE

https://cwe.mitre.org/data/definitions/613.html

Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5.

Weakness

According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”

Affected Software

Name	Vendor	Start Version	End Version
Fossbilling	Fossbilling	*	0.5.5 (excluding)

Potential Mitigations

References

https://github.com/fossbilling/fossbilling/commit/20c23b051eb690cb4ae60a257f6bb46eb3aae2d1
https://huntr.dev/bounties/f0aacce1-79bc-4765-95f1-7e824433b9e4