How severe is CVE-2024-21492?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.8 out of 10.

What type of vulnerability is CVE-2024-21492?

This is classified as CWE-613, which is a common weakness in software security.

CVE-2024-21492 - MEDIUM Severity | CVSS 4.8

Vulnerability Description

All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers who gain access to an active but supposedly logged-out session can perform unauthorized actions on behalf of the user.

Related Vulnerabilities

CVE-2023-47628

MEDIUM

CVSS:4.8(Medium)

DataHub is an open-source metadata platform. DataHub Frontend's sessions are configured using Play Framework's default settings for stateless session which do not set an expiration time for a cookie. ...

CWE-6132023

CVE-2019-4072

MEDIUM

CVSS:4.7(Medium)

IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) allows users to remain idle within the application even when a user has logged out. Utilizing the ap...

CWE-6132019

CVE-2020-13307

MEDIUM

CVSS:4.7(Medium)

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not revoking current user sessions when 2 factor authentication was activated allowing a malicious user ...

CWE-6132020

CVE-2021-35214

MEDIUM

CVSS:4.7(Medium)

The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. When running multiple active sessions in separate browser window...

CWE-6132021

CVE-2020-6292

MEDIUM

CVSS:4.6(Medium)

Logout mechanism in SAP Disclosure Management, version 10.1, does not invalidate one of the session cookies, leading to Insufficient Session Expiration.

CWE-6132020

CVE-2020-6363

MEDIUM

CVSS:4.6(Medium)

SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, exposes several web applications that maintain sessions with a user. These sessions are established after the user has authenticated with usernam...

CWE-6132020