mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-30 18:21:17 +00:00
36 lines
1.1 KiB
JSON
36 lines
1.1 KiB
JSON
|
{
|
||
|
|
"id": "CVE-2024-25977",
|
||
|
|
"sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf",
|
||
|
|
"published": "2024-05-29T13:15:49.683",
|
||
|
|
"lastModified": "2024-05-29T13:15:49.683",
|
||
|
|
"vulnStatus": "Received",
|
||
|
|
"descriptions": [
|
||
|
|
{
|
||
|
|
"lang": "en",
|
||
|
|
"value": "The application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victim's browser (e.g. via XSS) and prompt the victim to log in (e.g. via a redirect to the login page). This results in the victim's account being taken over."
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"metrics": {},
|
||
|
|
"weaknesses": [
|
||
|
|
{
|
||
|
|
"source": "551230f0-3615-47bd-b7cc-93e92e730bbf",
|
||
|
|
"type": "Secondary",
|
||
|
|
"description": [
|
||
|
|
{
|
||
|
|
"lang": "en",
|
||
|
|
"value": "CWE-384"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"references": [
|
||
|
|
{
|
||
|
|
"url": "https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1",
|
||
|
|
"source": "551230f0-3615-47bd-b7cc-93e92e730bbf"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"url": "https://r.sec-consult.com/hawki",
|
||
|
|
"source": "551230f0-3615-47bd-b7cc-93e92e730bbf"
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|