CVE-2023-5889 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-5889

CWE

https://cwe.mitre.org/data/definitions/613.html

Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

Weakness

According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”

Affected Software

Name	Vendor	Start Version	End Version
Pkp_web_application_library	Pkp	*	3.3.0-16 (excluding)

Potential Mitigations

References

https://github.com/pkp/pkp-lib/commit/32d071ef2090fc336bc17d56a86d1dff90c26f0b
https://huntr.com/bounties/fba2991a-1b8a-4c89-9689-d708526928e1