CVE-2024-35048 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-35048

CWE

https://cwe.mitre.org/data/definitions/613.html

An issue in SurveyKing v1.3.1 allows attackers to execute a session replay attack after a user changes their password.

Weakness

According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”

Affected Software

Name	Vendor	Start Version	End Version
Surveyking	Surveyking	1.3.1 (including)	1.3.1 (including)

Potential Mitigations

References

https://github.com/javahuang/SurveyKing/issues/56
https://github.com/javahuang/SurveyKing/issues/56