CWE-613
Allowed-with-ReviewInsufficient Session Expiration
Abstraction: Base · Status: Incomplete
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
876 vulnerabilities reference this CWE, most recent first.
GHSA-99F2-VQ84-X2MH
Vulnerability from github – Published: 2026-01-20 18:31 – Updated: 2026-01-20 18:31IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.
{
"affected": [],
"aliases": [
"CVE-2025-36065"
],
"database_specific": {
"cwe_ids": [
"CWE-613"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-20T16:16:03Z",
"severity": "MODERATE"
},
"details": "IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.",
"id": "GHSA-99f2-vq84-x2mh",
"modified": "2026-01-20T18:31:57Z",
"published": "2026-01-20T18:31:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36065"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7257244"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-99HM-86H7-GR3G
Vulnerability from github – Published: 2024-06-08 21:30 – Updated: 2024-07-22 13:16A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the victim's ability to revoke this access. This issue was observed in a self-hosted ZenML deployment via Docker, where after changing the password from one browser, the session remained active and usable in another browser without requiring re-authentication.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "zenml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.56.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-4680"
],
"database_specific": {
"cwe_ids": [
"CWE-613"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-10T18:36:32Z",
"nvd_published_at": "2024-06-08T20:15:52Z",
"severity": "LOW"
},
"details": "A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the victim\u0027s ability to revoke this access. This issue was observed in a self-hosted ZenML deployment via Docker, where after changing the password from one browser, the session remained active and usable in another browser without requiring re-authentication.",
"id": "GHSA-99hm-86h7-gr3g",
"modified": "2024-07-22T13:16:40Z",
"published": "2024-06-08T21:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4680"
},
{
"type": "PACKAGE",
"url": "https://github.com/zenml-io/zenml"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/c88f6bd2-490d-4930-98dd-03651b20230a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "zenml-io/zenml does not expire the session after password reset"
}
GHSA-99W3-F67V-MH94
Vulnerability from github – Published: 2025-07-28 21:31 – Updated: 2025-07-28 21:31Improper session invalidation in the component /carrental/update-password.php of PHPGurukul Car Rental Project v3.0 allows attackers to execute a session hijacking attack.
{
"affected": [],
"aliases": [
"CVE-2025-50486"
],
"database_specific": {
"cwe_ids": [
"CWE-613"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-28T20:17:47Z",
"severity": "HIGH"
},
"details": "Improper session invalidation in the component /carrental/update-password.php of PHPGurukul Car Rental Project v3.0 allows attackers to execute a session hijacking attack.",
"id": "GHSA-99w3-f67v-mh94",
"modified": "2025-07-28T21:31:36Z",
"published": "2025-07-28T21:31:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50486"
},
{
"type": "WEB",
"url": "https://github.com/sahel0708/CVE/tree/main/CVE-2025-50486"
},
{
"type": "WEB",
"url": "http://car.com"
},
{
"type": "WEB",
"url": "http://phpgurukul.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9FMC-5FQ4-5JWH
Vulnerability from github – Published: 2022-11-10 12:01 – Updated: 2022-11-10 23:51HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/hashicorp/nomad"
},
"ranges": [
{
"events": [
{
"introduced": "1.4.0"
},
{
"fixed": "1.4.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-3867"
],
"database_specific": {
"cwe_ids": [
"CWE-613"
],
"github_reviewed": true,
"github_reviewed_at": "2022-11-10T23:51:03Z",
"nvd_published_at": "2022-11-10T06:15:00Z",
"severity": "LOW"
},
"details": "HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2.",
"id": "GHSA-9fmc-5fq4-5jwh",
"modified": "2022-11-10T23:51:03Z",
"published": "2022-11-10T12:01:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3867"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/nomad/commit/dd6a4634a9652197fe4182e830f9a737d0ae1216"
},
{
"type": "WEB",
"url": "https://discuss.hashicorp.com/t/hcsec-2022-26-nomad-s-event-stream-subscriber-using-acl-token-with-ttl-receive-updates-until-garbage-collected/46168"
},
{
"type": "PACKAGE",
"url": "https://github.com/hashicorp/nomad"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "HashiCorp Nomad vulnerable to Insufficient Session Expiration"
}
GHSA-9GHH-MMCQ-8PHC
Vulnerability from github – Published: 2024-06-17 22:30 – Updated: 2024-10-16 19:26Impact
A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave the user’s tokens still usable.
An AP must be enabled to be affected by this, as the built-in User Management feature is not affected by this vulnerability. This issue may lead to an adversary gaining unauthorized access, as the user’s access privileges may still be active within Rancher even though they are no longer valid on the configured AP (please consult the MITRE ATT&CK - Technique - Valid Accounts for further information about the associated technique of attack).
It’s important to note that all configurable APs are impacted, see Rancher Docs - Configuring Authentication - External vs. Local Authentication to get the full authentication providers list.
To address this issue, the fix introduces a new user retention process that can be configured to run periodically and disable and/or delete inactive users. If enabled a user becomes subject to retention if they don't login for a configurable period of time. It's possible to set overrides for users that are used mainly for programmatic access (e.g. CI, scripts etc.) so that they don't become subject to retention for a longer period of time or at all. The user retention process is disabled by default, to avoid deleting wrong accounts. It is up to each user to enable it and configure the retention period as it best suits its environment.
Be aware that once the process is enabled, it might take a few days for previous users that have been revoked or deleted from the AP to be automatically removed from Rancher. To attenuate the risk of this condition, we recommend to regularly audit the AP’s user accounts for activity and manually deactivate or remove them from Rancher, if they are no longer needed.
For further information about the user retention process configuration, please refer to the dedicated documentation Rancher Docs - Advanced User Guides - Enable User Retention.
Patches
Patched versions include releases 2.7.14 and 2.8.5.
Workarounds
Administrators that are unable to update to a patched Rancher Manager version, are advised to delete Rancher users, via kubectl or through the UI, as soon as those users are deleted from the Authentication Provider. If a user needs to be temporarily disabled on the Authentication Provider, similar intervention will need to take place to reflect that change on Rancher Manager.
Below is a procedure to list and remove a deleted/disabled user in Rancher using kubectl (with a privileged kubeconfig).
- List all users bound to a supported external auth provider, then returns
username,uid,displayNameandPrincipalIdswhich contains the relatedauthprovider_user://ID
#!/bin/bash
for authprovider in {activedirectory,azure,common,genericoidc,github googleauth, keycloakoidc,ldap,oidc,publicapi,saml}
do
kubectl get users -o json | jq --arg authprovider "$authprovider" '.items[] | select(.principalIds[] | test("^" + $authprovider + "_user://")) | {username: .metadata.name, uid: .metadata.uid, displayName: .displayName, principalIds: .principalIds}'
done
- Once the
authprovider_user://ID(and/orDisplayName) is confirmed, remove the user from the Rancher UI or usingkubectl delete users <USERNAME>.
For more information
If you have any questions or comments about this advisory:
- Reach out to the SUSE Rancher Security team for security related inquiries.
- Open an issue in the Rancher repository.
- Verify with our support matrix and product support lifecycle.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rancher"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rancher"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-22650"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-306",
"CWE-613"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-17T22:30:46Z",
"nvd_published_at": "2024-10-16T09:15:02Z",
"severity": "HIGH"
},
"details": "### Impact\n\nA vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave the user\u2019s tokens still usable.\n\nAn AP must be enabled to be affected by this, as the built-in User Management feature is not affected by this vulnerability.\nThis issue may lead to an adversary gaining unauthorized access, as the user\u2019s access privileges may still be active within Rancher even though they are no longer valid on the configured AP (please consult the [MITRE ATT\u0026CK - Technique - Valid Accounts](https://attack.mitre.org/techniques/T1078/) for further information about the associated technique of attack).\n\nIt\u2019s important to note that all configurable APs are impacted, see [Rancher Docs - Configuring Authentication - External vs. Local Authentication](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config#external-vs-local-authentication) to get the full authentication providers list.\n\n\nTo address this issue, the fix introduces a new user retention process that can be configured to run periodically and disable and/or delete inactive users. If enabled a user becomes subject to retention if they don\u0027t login for a configurable period of time. It\u0027s possible to set overrides for users that are used mainly for programmatic access (e.g. CI, scripts etc.) so that they don\u0027t become subject to retention for a longer period of time or at all. The user retention process is disabled by default, to avoid deleting wrong accounts. It is up to each user to enable it and configure the retention period as it best suits its environment.\n\nBe aware that once the process is enabled, it might take a few days for previous users that have been revoked or deleted from the AP to be automatically removed from Rancher. To attenuate the risk of this condition, we recommend to regularly audit the AP\u2019s user accounts for activity and manually deactivate or remove them from Rancher, if they are no longer needed.\n\nFor further information about the user retention process configuration, please refer to the dedicated documentation [Rancher Docs - Advanced User Guides - Enable User Retention](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-user-retention).\n\n### Patches\n\nPatched versions include releases `2.7.14` and `2.8.5`.\n\n### Workarounds\n\nAdministrators that are unable to update to a patched Rancher Manager version, are advised to delete Rancher users, via kubectl or through the UI, as soon as those users are deleted from the Authentication Provider. If a user needs to be temporarily disabled on the Authentication Provider, similar intervention will need to take place to reflect that change on Rancher Manager.\n\n\nBelow is a procedure to list and remove a deleted/disabled user in Rancher using `kubectl` (with a privileged kubeconfig).\n\n1. List all users bound to a supported external auth provider, then returns `username`, `uid`, `displayName` and `PrincipalIds` which contains the related `authprovider_user://ID`\n\n```shell\n#!/bin/bash\n\nfor authprovider in {activedirectory,azure,common,genericoidc,github googleauth, keycloakoidc,ldap,oidc,publicapi,saml}\ndo \n\tkubectl get users -o json | jq --arg authprovider \"$authprovider\" \u0027.items[] | select(.principalIds[] | test(\"^\" + $authprovider + \"_user://\")) | {username: .metadata.name, uid: .metadata.uid, displayName: .displayName, principalIds: .principalIds}\u0027\ndone\n```\n\n2. Once the `authprovider_user://ID` (and/or `DisplayName`) is confirmed, remove the user from the Rancher UI or using `kubectl delete users \u003cUSERNAME\u003e`.\n\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n- Reach out to the [SUSE Rancher Security team](https://github.com/rancher/rancher/security/policy) for security related inquiries.\n- Open an issue in the [Rancher](https://github.com/rancher/rancher/issues/new/choose) repository.\n- Verify with our [support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) and [product support lifecycle](https://www.suse.com/lifecycle/).\n",
"id": "GHSA-9ghh-mmcq-8phc",
"modified": "2024-10-16T19:26:09Z",
"published": "2024-06-17T22:30:46Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-9ghh-mmcq-8phc"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22650"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22650"
},
{
"type": "PACKAGE",
"url": "https://github.com/rancher/rancher"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider"
}
GHSA-9J94-67JR-4CQJ
Vulnerability from github – Published: 2025-05-08 14:45 – Updated: 2025-05-09 14:34Summary
When using the Rack::Session::Pool middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session.
Details
Rack session middleware prepares the session at the beginning of request, then saves is back to the store with possible changes applied by host rack application. This way the session becomes to be a subject of race conditions in general sense over concurrent rack requests.
Impact
When using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a long running request (within that same session) adjacent to the user logging out, in order to retain illicit access even after a user has attempted to logout.
Mitigation
- Update to the latest version of
rack-session, or - Ensure your application invalidates sessions atomically by marking them as logged out e.g., using a
logged_outflag, instead of deleting them, and check this flag on every request to prevent reuse, or - Implement a custom session store that tracks session invalidation timestamps and refuses to accept session data if the session was invalidated after the request began.
Related
This code was previously part of rack in Rack < 3, see https://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g for the equivalent advisory in rack (affecting Rack < 3 only).
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "rack-session"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-46336"
],
"database_specific": {
"cwe_ids": [
"CWE-362",
"CWE-367",
"CWE-613"
],
"github_reviewed": true,
"github_reviewed_at": "2025-05-08T14:45:33Z",
"nvd_published_at": "2025-05-08T20:15:30Z",
"severity": "MODERATE"
},
"details": "## Summary\n\nWhen using the `Rack::Session::Pool` middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session.\n\n## Details\n\n[Rack session middleware](https://github.com/rack/rack-session/blob/v2.1.0/lib/rack/session/abstract/id.rb#L271-L278) prepares the session at the beginning of request, then saves is back to the store with possible changes applied by host rack application. This way the session becomes to be a subject of race conditions in general sense over concurrent rack requests.\n\n## Impact\n\nWhen using the `Rack::Session::Pool` middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a long running request (within that same session) adjacent to the user logging out, in order to retain illicit access even after a user has attempted to logout.\n\n## Mitigation\n\n- Update to the latest version of `rack-session`, or\n- Ensure your application invalidates sessions atomically by marking them as logged out e.g., using a `logged_out` flag, instead of deleting them, and check this flag on every request to prevent reuse, or\n- Implement a custom session store that tracks session invalidation timestamps and refuses to accept session data if the session was invalidated after the request began.\n\n## Related\n\nThis code was previously part of `rack` in Rack \u003c 3, see \u003chttps://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g\u003e for the equivalent advisory in `rack` (affecting Rack \u003c 3 only).",
"id": "GHSA-9j94-67jr-4cqj",
"modified": "2025-05-09T14:34:48Z",
"published": "2025-05-08T14:45:33Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj"
},
{
"type": "WEB",
"url": "https://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46336"
},
{
"type": "WEB",
"url": "https://github.com/rack/rack-session/commit/c28c4a8c1861d814e09f2ae48264ac4c40be2d3b"
},
{
"type": "PACKAGE",
"url": "https://github.com/rack/rack-session"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack-session/CVE-2025-46336.yml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Rack session gets restored after deletion"
}
GHSA-9J9M-8WJC-FF96
Vulnerability from github – Published: 2021-11-10 17:02 – Updated: 2022-08-22 22:01Apostrophe CMS versions between 2.63.0 to 3.3.1 affected by an insufficient session expiration vulnerability, which allows unauthenticated remote attackers to hijack recently logged-in users' sessions. As a mitigation for older releases the user account in question can be archived (3.x) or moved to the trash (2.x and earlier) which does disable the existing session.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "apostrophe"
},
"ranges": [
{
"events": [
{
"introduced": "2.63.0"
},
{
"fixed": "3.4.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-25979"
],
"database_specific": {
"cwe_ids": [
"CWE-613"
],
"github_reviewed": true,
"github_reviewed_at": "2021-11-09T21:01:19Z",
"nvd_published_at": "2021-11-08T15:15:00Z",
"severity": "CRITICAL"
},
"details": "Apostrophe CMS versions between 2.63.0 to 3.3.1 affected by an insufficient session expiration vulnerability, which allows unauthenticated remote attackers to hijack recently logged-in users\u0027 sessions. As a mitigation for older releases the user account in question can be archived (3.x) or moved to the trash (2.x and earlier) which does disable the existing session.",
"id": "GHSA-9j9m-8wjc-ff96",
"modified": "2022-08-22T22:01:24Z",
"published": "2021-11-10T17:02:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25979"
},
{
"type": "WEB",
"url": "https://github.com/apostrophecms/apostrophe/commit/c211b211f9f4303a77a307cf41aac9b4ef8d2c7c"
},
{
"type": "PACKAGE",
"url": "https://github.com/apostrophecms/apostrophe"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": " Apostrophe CMS Insufficient Session Expiration vulnerability"
}
GHSA-9JR3-RJ99-8JQ3
Vulnerability from github – Published: 2026-06-19 20:47 – Updated: 2026-06-19 20:47Impact
When enabling DetectReplayedTokens, a token can be replayed and will be detected despite it being reused.
Patches
Fixed in CoreWCF v1.8.1 and v1.9.1
Workarounds
Provide your own implementation of ITokenReplayCache with the correct behavior.
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "CoreWCF.Primitives"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "CoreWCF.Primitives"
},
"ranges": [
{
"events": [
{
"introduced": "1.9.0"
},
{
"fixed": "1.9.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-54779"
],
"database_specific": {
"cwe_ids": [
"CWE-294",
"CWE-613"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-19T20:47:02Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Impact\nWhen enabling DetectReplayedTokens, a token can be replayed and will be detected despite it being reused.\n\n### Patches\nFixed in CoreWCF v1.8.1 and v1.9.1\n\n### Workarounds\nProvide your own implementation of `ITokenReplayCache` with the correct behavior.",
"id": "GHSA-9jr3-rj99-8jq3",
"modified": "2026-06-19T20:47:02Z",
"published": "2026-06-19T20:47:02Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-9jr3-rj99-8jq3"
},
{
"type": "PACKAGE",
"url": "https://github.com/CoreWCF/CoreWCF"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "CoreWCF: SAML token replay protection is inoperative"
}
GHSA-9JW4-QC44-F778
Vulnerability from github – Published: 2022-05-24 16:55 – Updated: 2024-04-04 01:54An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the account names and passwords of all employees in the company can be obtained by an ordinary account. Specifically, the attacker sends a jsessionid value for URIs under app/profile/summary/.
{
"affected": [],
"aliases": [
"CVE-2019-16133"
],
"database_specific": {
"cwe_ids": [
"CWE-613"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-09T03:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the account names and passwords of all employees in the company can be obtained by an ordinary account. Specifically, the attacker sends a jsessionid value for URIs under app/profile/summary/.",
"id": "GHSA-9jw4-qc44-f778",
"modified": "2024-04-04T01:54:05Z",
"published": "2022-05-24T16:55:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16133"
},
{
"type": "WEB",
"url": "http://www.iwantacve.cn/index.php/archives/271"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9MX7-G5MQ-8W76
Vulnerability from github – Published: 2024-01-26 21:30 – Updated: 2024-04-01 09:30A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252187. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2024-0943"
],
"database_specific": {
"cwe_ids": [
"CWE-613"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-26T20:15:54Z",
"severity": "LOW"
},
"details": "A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252187. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-9mx7-g5mq-8w76",
"modified": "2024-04-01T09:30:31Z",
"published": "2024-01-26T21:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0943"
},
{
"type": "WEB",
"url": "https://drive.google.com/file/d/1OBs4kc1KvbqrMhQHs54WtwxxxiBoI0hL/view?usp=sharing"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.252187"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.252187"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.269680"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Set sessions/credentials expiration date.
No CAPEC attack patterns related to this CWE.