Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0ycTJmLWg4M3gtY3gzeM4AA8Ea
Reportico Web fails to invalidate cookies upon logout
An issue in Reportico Web before v.8.1.0. This vulnerability arises from the failure of the web application to properly invalidate session cookies upon logout. When a user logs out of the application, the session cookie should be invalidated to prevent unauthorized access. However, due to the oversight in the application's implementation, the session cookie remains active even after logout. Consequently, if an attacker obtains the session cookie, they can exploit it to access the user's session and perform unauthorized actions.
Permalink: https://github.com/advisories/GHSA-2q2f-h83x-cx3xJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0ycTJmLWg4M3gtY3gzeM4AA8Ea
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 7 months ago
Updated: 5 months ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Identifiers: GHSA-2q2f-h83x-cx3x, CVE-2024-31556
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-31556
- https://github.com/reportico-web/reportico/issues/53
- https://github.com/advisories/GHSA-2q2f-h83x-cx3x
Blast Radius: 3.9
Affected Packages
packagist:reportico-web/reportico
Dependent packages: 3Dependent repositories: 4
Downloads: 16,572 total
Affected Version Ranges: <= 8.1.0
No known fixed version
All affected versions: 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16, 8.0.1, 8.0.2, 8.0.3, 8.1.0