FKIE_CVE-2025-24973

Vulnerability from fkie_nvd - Published: 2025-02-11 16:15 - Updated: 2025-02-11 16:15
Severity ?
9.3 (Critical) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
Concorde, formerly know as Nexkey, is a fork of the federated microblogging platform Misskey. Prior to version 12.25Q1.1, due to an improper implementation of the logout process, authentication credentials remain in cookies even after a user has explicitly logged out, which may allow an attacker to steal authentication tokens. This could have devastating consequences if a user with admin privileges is (or was) using a shared device. Users who have logged in on a shared device should go to Settings > Security and regenerate their login tokens. Version 12.25Q1.1 fixes the issue. As a workaround, clear cookies and site data in the browser after logging out.
References
security-advisories@github.comhttps://github.com/nexryai/concorde/commit/1f6ac9b289906083b132e4f9667a31a60ef83e4e
security-advisories@github.comhttps://github.com/nexryai/concorde/security/advisories/GHSA-2369-p2wh-7cc2
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Concorde, formerly know as Nexkey, is a fork of the federated microblogging platform Misskey. Prior to version 12.25Q1.1, due to an improper implementation of the logout process, authentication credentials remain in cookies even after a user has explicitly logged out, which may allow an attacker to steal authentication tokens. This could have devastating consequences if a user with admin privileges is (or was) using a shared device. Users who have logged in on a shared device should go to Settings \u003e Security and regenerate their login tokens. Version 12.25Q1.1 fixes the issue. As a workaround, clear cookies and site data in the browser after logging out."
    },
    {
      "lang": "es",
      "value": "Concorde, anteriormente conocida como Nexkey, es una bifurcaci\u00f3n de la plataforma de microblogging federada Misskey. Antes de la versi\u00f3n 12.25Q1.1, debido a una implementaci\u00f3n incorrecta del proceso de cierre de sesi\u00f3n, las credenciales de autenticaci\u00f3n permanec\u00edan en las cookies incluso despu\u00e9s de que un usuario cerrara sesi\u00f3n expl\u00edcitamente, lo que pod\u00eda permitir a un atacante robar tokens de autenticaci\u00f3n. Esto podr\u00eda tener consecuencias devastadoras si un usuario con privilegios de administrador est\u00e1 (o estaba) usando un dispositivo compartido. Los usuarios que hayan iniciado sesi\u00f3n en un dispositivo compartido deben ir a Configuraci\u00f3n \u0026gt; Seguridad y regenerar sus tokens de inicio de sesi\u00f3n. La versi\u00f3n 12.25Q1.1 soluciona el problema. Como workaround, borre las cookies y los datos del sitio en el navegador despu\u00e9s de cerrar sesi\u00f3n. "
    }
  ],
  "id": "CVE-2025-24973",
  "lastModified": "2025-02-11T16:15:52.020",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 9.3,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 6.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-02-11T16:15:52.020",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/nexryai/concorde/commit/1f6ac9b289906083b132e4f9667a31a60ef83e4e"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/nexryai/concorde/security/advisories/GHSA-2369-p2wh-7cc2"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-613"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.