Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02ZjN2LTJyMmotMnJwcs4AA70x
Kimai information disclosure vulnerability
A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.16.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-263318 is the identifier assigned to this vulnerability.
Permalink: https://github.com/advisories/GHSA-6f3v-2r2j-2rprJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02ZjN2LTJyMmotMnJwcs4AA70x
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: 7 months ago
Updated: 7 months ago
CVSS Score: 3.7
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-6f3v-2r2j-2rpr, CVE-2024-4596
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-4596
- https://github.com/kimai/kimai/releases/tag/2.16.0
- https://vuldb.com/?ctiid.263318
- https://vuldb.com/?id.263318
- https://vuldb.com/?submit.328639
- https://github.com/advisories/GHSA-6f3v-2r2j-2rpr
Blast Radius: 4.5
Affected Packages
packagist:kimai/kimai
Dependent packages: 1Dependent repositories: 16
Downloads: 4,050 total
Affected Version Ranges: < 2.16.0
Fixed in: 2.16.0
All affected versions: 0.6.1, 0.8.1, 1.0.1, 1.1.0, 1.2.2, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.4.1, 1.4.2, 1.6.1, 1.6.2, 1.10.1, 1.10.2, 1.11.1, 1.14.1, 1.14.2, 1.14.3, 1.15.1, 1.15.2, 1.15.3, 1.15.4, 1.15.5, 1.15.6, 1.16.1, 1.16.2, 1.16.3, 1.16.4, 1.16.5, 1.16.6, 1.16.7, 1.16.8, 1.16.9, 1.16.10, 1.17.1, 1.18.1, 1.18.2, 1.19.1, 1.19.2, 1.19.3, 1.19.4, 1.19.5, 1.19.6, 1.19.7, 1.20.1, 1.20.2, 1.20.3, 1.20.4, 1.21.0, 1.22.0, 1.22.1, 1.23.0, 1.23.1, 1.24.0, 1.25.0, 1.26.0, 1.27.0, 1.28.0, 1.28.1, 1.29.0, 1.29.1, 1.30.0, 1.30.1, 1.30.2, 1.30.3, 1.30.4, 1.30.5, 1.30.6, 1.30.7, 1.30.8, 1.30.9, 1.30.10, 1.30.11, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.17, 2.0.18, 2.0.19, 2.0.20, 2.0.21, 2.0.22, 2.0.23, 2.0.24, 2.0.25, 2.0.26, 2.0.27, 2.0.28, 2.0.29, 2.0.30, 2.0.31, 2.0.32, 2.0.33, 2.0.34, 2.0.35, 2.1.0, 2.2.0, 2.2.1, 2.3.0, 2.4.0, 2.4.1, 2.5.0, 2.6.0, 2.7.0, 2.8.0, 2.9.0, 2.10.0, 2.11.0, 2.12.0, 2.13.0, 2.14.0, 2.15.0
All unaffected versions: 2.16.0, 2.16.1, 2.17.0, 2.18.0, 2.19.0, 2.19.1, 2.20.0, 2.20.1, 2.21.0, 2.22.0, 2.23.0, 2.24.0