CVE-2023-44400

HIGH Year: 2023
CVSS v3 Score
7.8
High
Weakness Type
CWE-384
View all →

Vulnerability Description

Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, attackers with access to a user's device can gain persistent account access. This is caused by missing verification of Session Tokens after password changes and/or elapsed inactivity periods. Version 1.23.3 has a patch for the issue.

Related Vulnerabilities

CVE-2023-49804

HIGH
CVSS:7.8(High)

Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, when a user changes their login password in Uptime Kuma, a previously logged-in user retains access without being lo...

CWE-3842023

CVE-2024-22250

HIGH
CVSS:7.8(High)

Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a windows operating system can hijack a privileged EAP...

CWE-3842024

CVE-2017-4014

HIGH
CVSS:8.0(High)

Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP reque...

CWE-3842017

CVE-2018-11474

HIGH
CVSS:8.0(High)

Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a differe...

CWE-3842018

CVE-2018-11475

HIGH
CVSS:8.0(High)

Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser.

CWE-3842018

CVE-2020-15679

HIGH
CVSS:7.6(High)

An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as t...

CWE-3842020