
GSA_kwCzR0hTQS1tZjc5LWY2NTctNDd3d800zA

Severity: High
EPSS: 0.00264% (0.49677 Percentile)

Insufficient Session Expiration in Admidio

Affected Package: packagist:admidio/admidio
Affected Versions: < 4.1.9
Fixed Versions: 4.1.9
1 Dependent packages
1 Dependent repositories
23 Downloads total

Affected Version Ranges

All affected versions

4.1.0, 4.1.3

All unaffected versions

4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.2.8, 4.2.9, 4.2.10, 4.2.11, 4.2.12, 4.2.13, 4.2.14, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.3.9, 4.3.10, 4.3.11, 4.3.12, 4.3.13, 4.3.14, 4.3.15

Admidio prior to version 4.1.9 is vulnerable to insufficient session expiration. In vulnerable versions, changing the password in one session does not terminate sessions logged in with the old password, which could lead to unauthorized actors maintaining access to an account.
