In affected versions of Octopus Server, OIDC cookies were using the wrong expiration time, which could result in them using the maximum lifespan.
According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”
Name | Vendor | Start Version | End Version |
---|---|---|---|
Octopus_server | Octopus | 2022.4.8332 (including) | 2024.1.12931 (excluding) |
Octopus_server | Octopus | 2024.2.101 (including) | 2024.2.9313 (excluding) |