cvelistv5 - cve-2023-49091

CVE-2023-49091 (GCVE-0-2023-49091)

Vulnerability from cvelistv5 – Published: 2023-11-29 19:16 – Updated: 2025-01-21 20:18

Title

Jwttoken in Cosmos server never expires after password changed and logging out

Summary

Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. Cosmos-server is vulnerable due to to the authorization header used for user login remaining valid and not expiring after log out. This vulnerability allows an attacker to use the token to gain unauthorized access to the application/system even after the user has logged out. This issue has been patched in version 0.13.1.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-613 - Insufficient Session Expiration

Assigner

GitHub_M

References

URL

Tags

	https://github.com/azukaar/Cosmos-Server/security…	x_refsource_CONFIRM
	https://github.com/azukaar/Cosmos-Server/commit/7…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	azukaar	Cosmos-Server	Affected: < 0.13.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:46:28.806Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-49091",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-11-30T17:02:56.950333Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T15:56:18.479Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cosmos-Server",
          "vendor": "azukaar",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.13.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. Cosmos-server is vulnerable due to to the authorization header used for user login remaining valid and not expiring after log out. This vulnerability allows an attacker to use the token to gain unauthorized access to the application/system even after the user has logged out. This issue has been patched in version 0.13.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613: Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-21T20:18:17.369Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x"
        },
        {
          "name": "https://github.com/azukaar/Cosmos-Server/commit/7a3fdfb467bd4d1f8333e3e1f3c3f5fca0b69cd7",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/azukaar/Cosmos-Server/commit/7a3fdfb467bd4d1f8333e3e1f3c3f5fca0b69cd7"
        }
      ],
      "source": {
        "advisory": "GHSA-hpvm-x7m8-3c6x",
        "discovery": "UNKNOWN"
      },
      "title": "Jwttoken in Cosmos server never expires after password changed and logging out"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-49091",
    "datePublished": "2023-11-29T19:16:37.723Z",
    "dateReserved": "2023-11-21T18:57:30.429Z",
    "dateUpdated": "2025-01-21T20:18:17.369Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.1.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0F9DD63-E895-471D-A103-89DC8CE4487F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.1.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"245BC303-196B-427E-9206-23FF97C1D028\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.1.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC80B4CA-DCF5-406B-8CBC-7D8B10C07D75\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FFA40431-2EA9-4814-97BD-9B98FD12565A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.3.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"48F9560F-E849-40BF-87E4-3EE76E2307B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"20001A99-A282-4201-9B35-2642AFBBEDF5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3FBF8D50-7369-4D65-B75A-A79B8313B5EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4DDF3EC-9AB2-4D07-AEF7-3B6F86CFEE33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"11F11DBC-37C2-4C5C-A42B-FA79A79A522C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F95649EE-5546-4C63-A325-7D1E7A8F1199\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.4.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"704FEFD9-1E74-4381-A632-C0CE0C39A1B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72A4403B-0395-4D94-81BE-D0B7A7208A91\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DBB50B8C-0B6A-4B35-866B-289E09D45EBE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FEDF35D-62E1-4F55-8176-582BC12DCDEC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"59DA9642-F316-47B6-BEF4-B40A3A87B3B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0BF3BB20-23D2-47EF-AEC3-624C00B3E279\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6C0489A-C381-4EAC-B2A9-BF2B52F7AB9E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7682B327-5A0A-4AA8-AA6C-135938853D73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D82733E-1C1E-43ED-BB52-C4F4355BAA2E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF6CA450-B6F6-4194-ABCC-6D1B70A0BD7C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"90DCCFD5-AA8C-4044-BF7C-9BE2CFA36D6F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.7:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E302BF1-076C-4EF1-B578-9BEACBDB8563\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5DB6050-C175-4AB5-B3CC-924D02B5C70E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EDB59393-C90C-4913-9A7A-CAD64014C5DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1C4A549-39AA-4221-8104-53317A7B57ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.6.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"007BA5D8-DD27-4C7D-8AEE-92E420444648\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E02C3A4-771F-4D2E-9246-ABA061F14BA8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9147CCB4-99BA-46C9-B4C1-9BFC78961063\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.6.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD0C8166-6388-47ED-9D63-28928973FB5E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.6.4:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"6EB22B0B-EC99-411D-B7C1-C5DAB6A96107\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"46D88BBD-968E-416D-9ED9-5087CC378D01\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33E78715-9E76-4E8C-8F27-E2ECD2C6969F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB71C771-A2C0-4D6A-83DE-17A0031276CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8864B3A3-81D4-476C-9D43-763E6C501C01\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"362FDFC1-2F71-4B1D-AD5D-BEAB04150FC2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A243056D-2F2D-4A84-B02C-F21384D2CBBC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D95B7F37-69F9-47BD-81EE-01F85AA08265\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70AE035A-FEEB-4DCF-843B-273E1596777E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"60D429D5-8241-4431-8CDA-7B25D9F971F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"20CB8797-381A-42DB-A268-600865E514FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6EA361BE-1F6B-4F44-A5E8-8C1E08999BDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"A08386B6-3863-4861-A811-36269648290B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"514D19FA-EFC1-493A-82F8-E1643B6E37D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6547760-893A-4316-9B26-34FADD4BF455\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5665A44D-8EE6-4BD3-BEC0-1316C0409CA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"92D61C74-73FD-4F74-B817-6FA5B1903E84\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B8ED8F3-344C-4AAE-843C-75FFF052F8D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8EF95DE-656C-41F1-B169-20DED5234965\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"30B30A3D-941F-4604-9703-D96E2689B431\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE7A76DF-1758-4B6F-B9B8-1D617D79A6D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"286CF897-8C22-4BF6-B816-1E7B400FBC4B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7402E48F-188B-469E-AFF4-F5F5E8D4D305\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6029988-F826-45FE-8303-98DFB69ADD18\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"56E2EFC3-9B64-4656-803C-3484981A57B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71DB2F36-103D-4A5C-A0D8-22E0B20E8BDB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"32EB3543-3E12-4CD6-B8E1-091C2BC06B4F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D06967B6-E215-422B-BC4B-8E63C56FB958\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9267FEE-CE5B-4ADB-9CD6-55698C2E6D11\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8CD0C5F-4EB0-477D-A672-BFCD56734C70\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7960B3D0-01B0-480B-9B12-B4D5ACEBC526\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"29536415-FEBA-470B-BBF0-B76D1148585C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10E5D948-87FF-4789-B294-817294B85FD3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"35D87312-7595-4E02-B33D-190A99E2F34B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED4790DA-50A7-4E87-8780-79DE2818936D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B4FB9A84-A927-406C-AEE3-E6884F91B488\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C1B8B916-894A-4555-B85E-971543039C5A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C0A6A70E-9992-4042-B3EF-F82CCE17F1E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F66ED38-32AC-4E7A-8506-625A53428E61\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C0E702BA-98F3-402A-B4B4-EDB862455922\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9E95C76-F625-4C35-B4F6-C9C0625FD151\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CDB8E645-65C2-47D8-9FA6-78E5AFDB91EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5286DEA-ECE0-4E40-96FE-11144B317EDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.19:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"F663B778-D1F3-4551-9812-61BF45A77279\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB0335D9-8789-48B5-A0FE-40A30993F535\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"65390F75-4D2A-4A3A-97BC-16C2A7F08BDE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.10.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"88616AE6-0E5E-48CC-827D-CBC09BB4D352\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.10.1:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"0543F1CA-D9A6-478E-B9B3-804C6A8DB2C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.10.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9639CAE7-FE63-4286-BE8C-E82E734F1B78\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.10.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9958CCA3-7B3C-4CB5-9188-32C73C08735F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.10.4:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"14F79A15-D8C0-4041-AB5C-7B640011391A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.11.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"07DE8CDF-8D02-4744-806C-BFC18333ECE3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6F247DF-C078-4CCA-9352-54F36DC5A4BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.11.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"43350B4E-7D95-4963-ABF4-237E9E63A841\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.11.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F4E655A-4175-4953-AD19-F1F9BE1ABF62\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E8CD9C8-8F1E-428D-B7D4-BC822553F92D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"67696CA2-739B-40A3-9DD5-95A7BFA1448F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70B8832F-7202-45C8-A7B2-30D3F2D57D41\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C81041A-1D6C-413A-8886-6F1308CA0E37\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5678EC30-3F90-4911-B5E8-E01751BE13F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"87AB67FA-11E4-4807-B62F-2AD3BA31AC45\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.6:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF30F289-0826-45C9-BDE4-6B78299E6536\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. Cosmos-server is vulnerable due to to the authorization header used for user login remaining valid and not expiring after log out. This vulnerability allows an attacker to use the token to gain unauthorized access to the application/system even after the user has logged out. This issue has been patched in version 0.13.0.\"}, {\"lang\": \"es\", \"value\": \"Cosmos ofrece a los usuarios la posibilidad de autohospedar un servidor dom\\u00e9stico actuando como una puerta de enlace segura a su aplicaci\\u00f3n, as\\u00ed como un administrador de servidor. Cosmos-server es vulnerable debido a que el encabezado de autorizaci\\u00f3n utilizado para el inicio de sesi\\u00f3n del usuario sigue siendo v\\u00e1lido y no caduca despu\\u00e9s del cierre de sesi\\u00f3n. Esta vulnerabilidad permite a un atacante utilizar el token para obtener acceso no autorizado a la aplicaci\\u00f3n/sistema incluso despu\\u00e9s de que el usuario haya cerrado sesi\\u00f3n. Este problema se solucion\\u00f3 en la versi\\u00f3n 0.13.0.\"}]",
      "id": "CVE-2023-49091",
      "lastModified": "2024-11-21T08:32:48.240",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2023-11-29T20:15:08.390",
      "references": "[{\"url\": \"https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-613\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-49091\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-11-29T20:15:08.390\",\"lastModified\":\"2025-04-11T14:17:55.343\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. Cosmos-server is vulnerable due to to the authorization header used for user login remaining valid and not expiring after log out. This vulnerability allows an attacker to use the token to gain unauthorized access to the application/system even after the user has logged out. This issue has been patched in version 0.13.1.\"},{\"lang\":\"es\",\"value\":\"Cosmos ofrece a los usuarios la posibilidad de autohospedar un servidor dom\u00e9stico actuando como una puerta de enlace segura a su aplicaci\u00f3n, as\u00ed como un administrador de servidor. Cosmos-server es vulnerable debido a que el encabezado de autorizaci\u00f3n utilizado para el inicio de sesi\u00f3n del usuario sigue siendo v\u00e1lido y no caduca despu\u00e9s del cierre de sesi\u00f3n. Esta vulnerabilidad permite a un atacante utilizar el token para obtener acceso no autorizado a la aplicaci\u00f3n/sistema incluso despu\u00e9s de que el usuario haya cerrado sesi\u00f3n. Este problema se solucion\u00f3 en la versi\u00f3n 0.13.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-613\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-613\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.1.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0F9DD63-E895-471D-A103-89DC8CE4487F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.1.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"245BC303-196B-427E-9206-23FF97C1D028\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.1.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC80B4CA-DCF5-406B-8CBC-7D8B10C07D75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFA40431-2EA9-4814-97BD-9B98FD12565A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.3.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"48F9560F-E849-40BF-87E4-3EE76E2307B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20001A99-A282-4201-9B35-2642AFBBEDF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FBF8D50-7369-4D65-B75A-A79B8313B5EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4DDF3EC-9AB2-4D07-AEF7-3B6F86CFEE33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11F11DBC-37C2-4C5C-A42B-FA79A79A522C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F95649EE-5546-4C63-A325-7D1E7A8F1199\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.4.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"704FEFD9-1E74-4381-A632-C0CE0C39A1B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72A4403B-0395-4D94-81BE-D0B7A7208A91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBB50B8C-0B6A-4B35-866B-289E09D45EBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FEDF35D-62E1-4F55-8176-582BC12DCDEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"59DA9642-F316-47B6-BEF4-B40A3A87B3B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BF3BB20-23D2-47EF-AEC3-624C00B3E279\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6C0489A-C381-4EAC-B2A9-BF2B52F7AB9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7682B327-5A0A-4AA8-AA6C-135938853D73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D82733E-1C1E-43ED-BB52-C4F4355BAA2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF6CA450-B6F6-4194-ABCC-6D1B70A0BD7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90DCCFD5-AA8C-4044-BF7C-9BE2CFA36D6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.7:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E302BF1-076C-4EF1-B578-9BEACBDB8563\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5DB6050-C175-4AB5-B3CC-924D02B5C70E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDB59393-C90C-4913-9A7A-CAD64014C5DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1C4A549-39AA-4221-8104-53317A7B57ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.6.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"007BA5D8-DD27-4C7D-8AEE-92E420444648\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E02C3A4-771F-4D2E-9246-ABA061F14BA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9147CCB4-99BA-46C9-B4C1-9BFC78961063\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD0C8166-6388-47ED-9D63-28928973FB5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.6.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EB22B0B-EC99-411D-B7C1-C5DAB6A96107\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D88BBD-968E-416D-9ED9-5087CC378D01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33E78715-9E76-4E8C-8F27-E2ECD2C6969F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB71C771-A2C0-4D6A-83DE-17A0031276CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8864B3A3-81D4-476C-9D43-763E6C501C01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"362FDFC1-2F71-4B1D-AD5D-BEAB04150FC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A243056D-2F2D-4A84-B02C-F21384D2CBBC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D95B7F37-69F9-47BD-81EE-01F85AA08265\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70AE035A-FEEB-4DCF-843B-273E1596777E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60D429D5-8241-4431-8CDA-7B25D9F971F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20CB8797-381A-42DB-A268-600865E514FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EA361BE-1F6B-4F44-A5E8-8C1E08999BDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A08386B6-3863-4861-A811-36269648290B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"514D19FA-EFC1-493A-82F8-E1643B6E37D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6547760-893A-4316-9B26-34FADD4BF455\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5665A44D-8EE6-4BD3-BEC0-1316C0409CA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92D61C74-73FD-4F74-B817-6FA5B1903E84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B8ED8F3-344C-4AAE-843C-75FFF052F8D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8EF95DE-656C-41F1-B169-20DED5234965\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30B30A3D-941F-4604-9703-D96E2689B431\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE7A76DF-1758-4B6F-B9B8-1D617D79A6D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"286CF897-8C22-4BF6-B816-1E7B400FBC4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7402E48F-188B-469E-AFF4-F5F5E8D4D305\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6029988-F826-45FE-8303-98DFB69ADD18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"56E2EFC3-9B64-4656-803C-3484981A57B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71DB2F36-103D-4A5C-A0D8-22E0B20E8BDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32EB3543-3E12-4CD6-B8E1-091C2BC06B4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D06967B6-E215-422B-BC4B-8E63C56FB958\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9267FEE-CE5B-4ADB-9CD6-55698C2E6D11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8CD0C5F-4EB0-477D-A672-BFCD56734C70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7960B3D0-01B0-480B-9B12-B4D5ACEBC526\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29536415-FEBA-470B-BBF0-B76D1148585C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10E5D948-87FF-4789-B294-817294B85FD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35D87312-7595-4E02-B33D-190A99E2F34B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED4790DA-50A7-4E87-8780-79DE2818936D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4FB9A84-A927-406C-AEE3-E6884F91B488\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1B8B916-894A-4555-B85E-971543039C5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0A6A70E-9992-4042-B3EF-F82CCE17F1E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F66ED38-32AC-4E7A-8506-625A53428E61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0E702BA-98F3-402A-B4B4-EDB862455922\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9E95C76-F625-4C35-B4F6-C9C0625FD151\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDB8E645-65C2-47D8-9FA6-78E5AFDB91EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5286DEA-ECE0-4E40-96FE-11144B317EDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.19:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"F663B778-D1F3-4551-9812-61BF45A77279\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB0335D9-8789-48B5-A0FE-40A30993F535\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65390F75-4D2A-4A3A-97BC-16C2A7F08BDE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.10.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"88616AE6-0E5E-48CC-827D-CBC09BB4D352\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.10.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"0543F1CA-D9A6-478E-B9B3-804C6A8DB2C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9639CAE7-FE63-4286-BE8C-E82E734F1B78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.10.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9958CCA3-7B3C-4CB5-9188-32C73C08735F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.10.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"14F79A15-D8C0-4041-AB5C-7B640011391A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.11.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"07DE8CDF-8D02-4744-806C-BFC18333ECE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6F247DF-C078-4CCA-9352-54F36DC5A4BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43350B4E-7D95-4963-ABF4-237E9E63A841\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.11.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F4E655A-4175-4953-AD19-F1F9BE1ABF62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E8CD9C8-8F1E-428D-B7D4-BC822553F92D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67696CA2-739B-40A3-9DD5-95A7BFA1448F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70B8832F-7202-45C8-A7B2-30D3F2D57D41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C81041A-1D6C-413A-8886-6F1308CA0E37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5678EC30-3F90-4911-B5E8-E01751BE13F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87AB67FA-11E4-4807-B62F-2AD3BA31AC45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.6:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF30F289-0826-45C9-BDE4-6B78299E6536\"}]}]}],\"references\":[{\"url\":\"https://github.com/azukaar/Cosmos-Server/commit/7a3fdfb467bd4d1f8333e3e1f3c3f5fca0b69cd7\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x\", \"name\": \"https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T21:46:28.806Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-49091\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2023-11-30T17:02:56.950333Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-27T15:56:14.288Z\"}}], \"cna\": {\"title\": \"Jwttoken in Cosmos server never expires after password changed and logging out\", \"source\": {\"advisory\": \"GHSA-hpvm-x7m8-3c6x\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"azukaar\", \"product\": \"Cosmos-Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.13.1\"}]}], \"references\": [{\"url\": \"https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x\", \"name\": \"https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/azukaar/Cosmos-Server/commit/7a3fdfb467bd4d1f8333e3e1f3c3f5fca0b69cd7\", \"name\": \"https://github.com/azukaar/Cosmos-Server/commit/7a3fdfb467bd4d1f8333e3e1f3c3f5fca0b69cd7\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. Cosmos-server is vulnerable due to to the authorization header used for user login remaining valid and not expiring after log out. This vulnerability allows an attacker to use the token to gain unauthorized access to the application/system even after the user has logged out. This issue has been patched in version 0.13.1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-613\", \"description\": \"CWE-613: Insufficient Session Expiration\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-01-21T20:18:17.369Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-49091\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-21T20:18:17.369Z\", \"dateReserved\": \"2023-11-21T18:57:30.429Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-11-29T19:16:37.723Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2023-49091

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-49091

Aliases

CVE-2023-49091

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-49091",
    "id": "GSD-2023-49091"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-49091"
      ],
      "details": "Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. Cosmos-server is vulnerable due to to the authorization header used for user login remaining valid and not expiring after log out. This vulnerability allows an attacker to use the token to gain unauthorized access to the application/system even after the user has logged out. This issue has been patched in version 0.13.0.",
      "id": "GSD-2023-49091",
      "modified": "2023-12-13T01:20:35.176473Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2023-49091",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cosmos-Server",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003c 0.13.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "azukaar"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. Cosmos-server is vulnerable due to to the authorization header used for user login remaining valid and not expiring after log out. This vulnerability allows an attacker to use the token to gain unauthorized access to the application/system even after the user has logged out. This issue has been patched in version 0.13.0."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-613",
                "lang": "eng",
                "value": "CWE-613: Insufficient Session Expiration"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x",
            "refsource": "MISC",
            "url": "https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-hpvm-x7m8-3c6x",
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.1.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.1.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.1.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.3.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.4.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.7:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.6.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.6.4:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.19:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.10.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.10.1:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.10.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.10.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.10.4:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.11.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.11.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.11.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.0:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.6:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2023-49091"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. Cosmos-server is vulnerable due to to the authorization header used for user login remaining valid and not expiring after log out. This vulnerability allows an attacker to use the token to gain unauthorized access to the application/system even after the user has logged out. This issue has been patched in version 0.13.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-613"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x",
              "refsource": "",
              "tags": [
                "Exploit",
                "Vendor Advisory"
              ],
              "url": "https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-12-08T15:12Z",
      "publishedDate": "2023-11-29T20:15Z"
    }
  }
}

FKIE_CVE-2023-49091

Vulnerability from fkie_nvd - Published: 2023-11-29 20:15 - Updated: 2025-04-11 14:17

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/azukaar/Cosmos-Server/commit/7a3fdfb467bd4d1f8333e3e1f3c3f5fca0b69cd7	Patch
security-advisories@github.com	https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x	Exploit, Vendor Advisory

Impacted products

Vendor	Product	Version
cosmos-cloud	cosmos_server	0.1.15
cosmos-cloud	cosmos_server	0.1.16
cosmos-cloud	cosmos_server	0.1.17
cosmos-cloud	cosmos_server	0.2.0
cosmos-cloud	cosmos_server	0.3.0
cosmos-cloud	cosmos_server	0.3.1
cosmos-cloud	cosmos_server	0.3.2
cosmos-cloud	cosmos_server	0.3.3
cosmos-cloud	cosmos_server	0.3.4
cosmos-cloud	cosmos_server	0.3.5
cosmos-cloud	cosmos_server	0.4.0
cosmos-cloud	cosmos_server	0.4.1
cosmos-cloud	cosmos_server	0.4.2
cosmos-cloud	cosmos_server	0.4.3
cosmos-cloud	cosmos_server	0.5.0
cosmos-cloud	cosmos_server	0.5.1
cosmos-cloud	cosmos_server	0.5.2
cosmos-cloud	cosmos_server	0.5.3
cosmos-cloud	cosmos_server	0.5.4
cosmos-cloud	cosmos_server	0.5.5
cosmos-cloud	cosmos_server	0.5.6
cosmos-cloud	cosmos_server	0.5.7
cosmos-cloud	cosmos_server	0.5.8
cosmos-cloud	cosmos_server	0.5.9
cosmos-cloud	cosmos_server	0.5.12
cosmos-cloud	cosmos_server	0.6.0
cosmos-cloud	cosmos_server	0.6.1
cosmos-cloud	cosmos_server	0.6.2
cosmos-cloud	cosmos_server	0.6.3
cosmos-cloud	cosmos_server	0.6.4
cosmos-cloud	cosmos_server	0.7.0
cosmos-cloud	cosmos_server	0.7.1
cosmos-cloud	cosmos_server	0.7.2
cosmos-cloud	cosmos_server	0.7.3
cosmos-cloud	cosmos_server	0.7.4
cosmos-cloud	cosmos_server	0.7.5
cosmos-cloud	cosmos_server	0.7.6
cosmos-cloud	cosmos_server	0.7.7
cosmos-cloud	cosmos_server	0.7.8
cosmos-cloud	cosmos_server	0.7.9
cosmos-cloud	cosmos_server	0.7.10
cosmos-cloud	cosmos_server	0.8.0
cosmos-cloud	cosmos_server	0.8.1
cosmos-cloud	cosmos_server	0.8.2
cosmos-cloud	cosmos_server	0.8.3
cosmos-cloud	cosmos_server	0.8.4
cosmos-cloud	cosmos_server	0.8.5
cosmos-cloud	cosmos_server	0.8.6
cosmos-cloud	cosmos_server	0.8.7
cosmos-cloud	cosmos_server	0.8.8
cosmos-cloud	cosmos_server	0.8.9
cosmos-cloud	cosmos_server	0.8.10
cosmos-cloud	cosmos_server	0.8.11
cosmos-cloud	cosmos_server	0.9.0
cosmos-cloud	cosmos_server	0.9.1
cosmos-cloud	cosmos_server	0.9.2
cosmos-cloud	cosmos_server	0.9.3
cosmos-cloud	cosmos_server	0.9.4
cosmos-cloud	cosmos_server	0.9.5
cosmos-cloud	cosmos_server	0.9.6
cosmos-cloud	cosmos_server	0.9.7
cosmos-cloud	cosmos_server	0.9.8
cosmos-cloud	cosmos_server	0.9.9
cosmos-cloud	cosmos_server	0.9.10
cosmos-cloud	cosmos_server	0.9.11
cosmos-cloud	cosmos_server	0.9.12
cosmos-cloud	cosmos_server	0.9.13
cosmos-cloud	cosmos_server	0.9.14
cosmos-cloud	cosmos_server	0.9.15
cosmos-cloud	cosmos_server	0.9.16
cosmos-cloud	cosmos_server	0.9.17
cosmos-cloud	cosmos_server	0.9.18
cosmos-cloud	cosmos_server	0.9.19
cosmos-cloud	cosmos_server	0.9.20
cosmos-cloud	cosmos_server	0.9.21
cosmos-cloud	cosmos_server	0.10.0
cosmos-cloud	cosmos_server	0.10.1
cosmos-cloud	cosmos_server	0.10.2
cosmos-cloud	cosmos_server	0.10.3
cosmos-cloud	cosmos_server	0.10.4
cosmos-cloud	cosmos_server	0.11.0
cosmos-cloud	cosmos_server	0.11.1
cosmos-cloud	cosmos_server	0.11.2
cosmos-cloud	cosmos_server	0.11.3
cosmos-cloud	cosmos_server	0.12.0
cosmos-cloud	cosmos_server	0.12.1
cosmos-cloud	cosmos_server	0.12.2
cosmos-cloud	cosmos_server	0.12.3
cosmos-cloud	cosmos_server	0.12.4
cosmos-cloud	cosmos_server	0.12.5
cosmos-cloud	cosmos_server	0.12.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0F9DD63-E895-471D-A103-89DC8CE4487F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "245BC303-196B-427E-9206-23FF97C1D028",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC80B4CA-DCF5-406B-8CBC-7D8B10C07D75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFA40431-2EA9-4814-97BD-9B98FD12565A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.3.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "48F9560F-E849-40BF-87E4-3EE76E2307B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20001A99-A282-4201-9B35-2642AFBBEDF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FBF8D50-7369-4D65-B75A-A79B8313B5EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4DDF3EC-9AB2-4D07-AEF7-3B6F86CFEE33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "11F11DBC-37C2-4C5C-A42B-FA79A79A522C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F95649EE-5546-4C63-A325-7D1E7A8F1199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "704FEFD9-1E74-4381-A632-C0CE0C39A1B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "72A4403B-0395-4D94-81BE-D0B7A7208A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBB50B8C-0B6A-4B35-866B-289E09D45EBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FEDF35D-62E1-4F55-8176-582BC12DCDEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "59DA9642-F316-47B6-BEF4-B40A3A87B3B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BF3BB20-23D2-47EF-AEC3-624C00B3E279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C0489A-C381-4EAC-B2A9-BF2B52F7AB9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7682B327-5A0A-4AA8-AA6C-135938853D73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D82733E-1C1E-43ED-BB52-C4F4355BAA2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF6CA450-B6F6-4194-ABCC-6D1B70A0BD7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "90DCCFD5-AA8C-4044-BF7C-9BE2CFA36D6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "0E302BF1-076C-4EF1-B578-9BEACBDB8563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5DB6050-C175-4AB5-B3CC-924D02B5C70E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDB59393-C90C-4913-9A7A-CAD64014C5DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1C4A549-39AA-4221-8104-53317A7B57ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.6.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "007BA5D8-DD27-4C7D-8AEE-92E420444648",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E02C3A4-771F-4D2E-9246-ABA061F14BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9147CCB4-99BA-46C9-B4C1-9BFC78961063",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD0C8166-6388-47ED-9D63-28928973FB5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.6.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "6EB22B0B-EC99-411D-B7C1-C5DAB6A96107",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "46D88BBD-968E-416D-9ED9-5087CC378D01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33E78715-9E76-4E8C-8F27-E2ECD2C6969F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB71C771-A2C0-4D6A-83DE-17A0031276CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8864B3A3-81D4-476C-9D43-763E6C501C01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "362FDFC1-2F71-4B1D-AD5D-BEAB04150FC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A243056D-2F2D-4A84-B02C-F21384D2CBBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D95B7F37-69F9-47BD-81EE-01F85AA08265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "70AE035A-FEEB-4DCF-843B-273E1596777E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "60D429D5-8241-4431-8CDA-7B25D9F971F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "20CB8797-381A-42DB-A268-600865E514FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EA361BE-1F6B-4F44-A5E8-8C1E08999BDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "A08386B6-3863-4861-A811-36269648290B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "514D19FA-EFC1-493A-82F8-E1643B6E37D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6547760-893A-4316-9B26-34FADD4BF455",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5665A44D-8EE6-4BD3-BEC0-1316C0409CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "92D61C74-73FD-4F74-B817-6FA5B1903E84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B8ED8F3-344C-4AAE-843C-75FFF052F8D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8EF95DE-656C-41F1-B169-20DED5234965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "30B30A3D-941F-4604-9703-D96E2689B431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE7A76DF-1758-4B6F-B9B8-1D617D79A6D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "286CF897-8C22-4BF6-B816-1E7B400FBC4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7402E48F-188B-469E-AFF4-F5F5E8D4D305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6029988-F826-45FE-8303-98DFB69ADD18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "56E2EFC3-9B64-4656-803C-3484981A57B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "71DB2F36-103D-4A5C-A0D8-22E0B20E8BDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "32EB3543-3E12-4CD6-B8E1-091C2BC06B4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D06967B6-E215-422B-BC4B-8E63C56FB958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9267FEE-CE5B-4ADB-9CD6-55698C2E6D11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8CD0C5F-4EB0-477D-A672-BFCD56734C70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7960B3D0-01B0-480B-9B12-B4D5ACEBC526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "29536415-FEBA-470B-BBF0-B76D1148585C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "10E5D948-87FF-4789-B294-817294B85FD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "35D87312-7595-4E02-B33D-190A99E2F34B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED4790DA-50A7-4E87-8780-79DE2818936D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4FB9A84-A927-406C-AEE3-E6884F91B488",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1B8B916-894A-4555-B85E-971543039C5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0A6A70E-9992-4042-B3EF-F82CCE17F1E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F66ED38-32AC-4E7A-8506-625A53428E61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0E702BA-98F3-402A-B4B4-EDB862455922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9E95C76-F625-4C35-B4F6-C9C0625FD151",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDB8E645-65C2-47D8-9FA6-78E5AFDB91EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5286DEA-ECE0-4E40-96FE-11144B317EDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.19:-:*:*:*:*:*:*",
              "matchCriteriaId": "F663B778-D1F3-4551-9812-61BF45A77279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB0335D9-8789-48B5-A0FE-40A30993F535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "65390F75-4D2A-4A3A-97BC-16C2A7F08BDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "88616AE6-0E5E-48CC-827D-CBC09BB4D352",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.10.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "0543F1CA-D9A6-478E-B9B3-804C6A8DB2C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9639CAE7-FE63-4286-BE8C-E82E734F1B78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9958CCA3-7B3C-4CB5-9188-32C73C08735F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.10.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "14F79A15-D8C0-4041-AB5C-7B640011391A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.11.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "07DE8CDF-8D02-4744-806C-BFC18333ECE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6F247DF-C078-4CCA-9352-54F36DC5A4BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "43350B4E-7D95-4963-ABF4-237E9E63A841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F4E655A-4175-4953-AD19-F1F9BE1ABF62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "8E8CD9C8-8F1E-428D-B7D4-BC822553F92D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "67696CA2-739B-40A3-9DD5-95A7BFA1448F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "70B8832F-7202-45C8-A7B2-30D3F2D57D41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C81041A-1D6C-413A-8886-6F1308CA0E37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5678EC30-3F90-4911-B5E8-E01751BE13F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "87AB67FA-11E4-4807-B62F-2AD3BA31AC45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "DF30F289-0826-45C9-BDE4-6B78299E6536",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. Cosmos-server is vulnerable due to to the authorization header used for user login remaining valid and not expiring after log out. This vulnerability allows an attacker to use the token to gain unauthorized access to the application/system even after the user has logged out. This issue has been patched in version 0.13.1."
    },
    {
      "lang": "es",
      "value": "Cosmos ofrece a los usuarios la posibilidad de autohospedar un servidor dom\u00e9stico actuando como una puerta de enlace segura a su aplicaci\u00f3n, as\u00ed como un administrador de servidor. Cosmos-server es vulnerable debido a que el encabezado de autorizaci\u00f3n utilizado para el inicio de sesi\u00f3n del usuario sigue siendo v\u00e1lido y no caduca despu\u00e9s del cierre de sesi\u00f3n. Esta vulnerabilidad permite a un atacante utilizar el token para obtener acceso no autorizado a la aplicaci\u00f3n/sistema incluso despu\u00e9s de que el usuario haya cerrado sesi\u00f3n. Este problema se solucion\u00f3 en la versi\u00f3n 0.13.0."
    }
  ],
  "id": "CVE-2023-49091",
  "lastModified": "2025-04-11T14:17:55.343",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-11-29T20:15:08.390",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/azukaar/Cosmos-Server/commit/7a3fdfb467bd4d1f8333e3e1f3c3f5fca0b69cd7"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-613"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-613"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-49091 (GCVE-0-2023-49091)

GSD-2023-49091

FKIE_CVE-2023-49091

Tags

Sightings

Nomenclature