How severe is CVE-2024-12667?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2024-12667?

This is classified as CWE-613, which is a common weakness in software security.

CVE-2024-12667 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

A vulnerability was found in InvoicePlane up to 1.6.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /invoices/view. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

Related Vulnerabilities

CVE-2016-8712

MEDIUM

CVSS:5.9(Medium)

An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication reques...

CWE-6132016

CVE-2017-12867

MEDIUM

CVSS:5.9(Medium)

The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset.

CWE-6132017

CVE-2018-11386

MEDIUM

CVSS:5.9(Medium)

An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler cl...

CWE-6132018

CVE-2020-17473

MEDIUM

CVSS:5.9(Medium)

Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server.

CWE-6132020

CVE-2022-22317

MEDIUM

CVSS:5.9(Medium)

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 218281.

CWE-6132022

CVE-2022-22318

MEDIUM

CVSS:5.9(Medium)

IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.

CWE-6132022