How severe is CVE-2024-34709?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2024-34709?

This is classified as CWE-613, which is a common weakness in software security.

CVE-2024-34709

MEDIUM Year: 2024

CVSS v3 Score

5.4

Medium

Weakness Type

CWE-613

View all →

Vulnerability Description

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 10.11.0, session tokens function like the other JWT tokens where they are not actually invalidated when logging out. The `directus_session` gets destroyed and the cookie gets deleted but if the cookie value is captured, it will still work for the entire expiry time which is set to 1 day by default. Making it effectively a long lived unrevokable stateless token instead of the stateful session token it was meant to be. This vulnerability is fixed in 10.11.0.

CVE-2019-0015

MEDIUM

CVSS:5.4(Medium)

A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. A deleted dynamic VPN connection should be immedia...

CWE-6132019

CVE-2019-5531

MEDIUM

CVSS:5.4(Medium)

VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b,...

CWE-6132019

CVE-2020-1768

MEDIUM

CVSS:5.4(Medium)

The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS ...

CWE-6132020

CVE-2020-6291

MEDIUM

CVSS:5.4(Medium)

SAP Disclosure Management, version 10.1, session mechanism does not have expiration data set therefore allows unlimited access after authenticating once, leading to Insufficient Session Expiration

CWE-6132020

CVE-2021-3844

MEDIUM

CVSS:5.4(Medium)

Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an...

CWE-6132021

CVE-2022-23502

MEDIUM

CVSS:5.4(Medium)

TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functional...

CWE-6132022

CVE-2024-34709

Vulnerability Description

Related Vulnerabilities

CVE-2019-0015

CVE-2019-5531

CVE-2020-1768

CVE-2020-6291

CVE-2021-3844

CVE-2022-23502