Description update

Daniel Elkabes 2022-08-10 17:04:30 +03:00 committed by GitHub
parent 43df5621cf
commit 583f6d0609
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -46,7 +46,7 @@
"description_data": [
{
"lang": "eng",
"value": "Apostrophe CMS versions between 2.63.0 to 3.3.1 affected by an insufficient session expiration vulnerability, which allows unauthenticated remote attackers to hijack recently logged-in users' sessions."
"value": "Apostrophe CMS versions prior to 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third party could not be locked out by those means. As a mitigation for older releases the user account in question can be archived (3.x) or moved to the trash (2.x and earlier) which does disable the existing session."
}
]
},
@ -100,4 +100,4 @@
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25979",
"discovery": "EXTERNAL"
}
}
}
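Review bot: The rewritten `value` line in the first hunk changes the stated affected range from "between 2.63.0 to 3.3.1" to "prior to 3.3.1". That drops the 2.63.0 lower bound and makes 3.3.1 read as the fixed release rather than an affected one. The record's structured version entries are outside this hunk, so confirm they were updated to match; scanners key on those fields rather than on the prose, and a mismatch would mis-classify 3.3.1 or pre-2.63.0 installs. If 3.3.1 is the release that carries the fix, say so outright, e.g. `versions prior to 3.3.1 (fixed in 3.3.1) did not invalidate existing login sessions`. The new text also no longer says that an unauthenticated remote party can reuse a session, which may be worth one clause so the severity is not understated.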