← Volver a CVEs

CVE-2021-25981

CRITICAL

9.8

Descripcion

In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34, are vulnerable to Insufficient Session Expiration. This may allow an attacker to reuse the admin’s still-valid session token even when logged-out, to gain admin privileges, given the attacker is able to obtain that token (via other, hypothetical attacks)

Detalles CVE

Puntuacion CVSS v3.19.8

SeveridadCRITICAL

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado1/3/2022

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

talkyard:talkyard

Debilidades (CWE)

CWE-613CWE-613

Referencias

https://github.com/debiki/talkyard/commit/b0310df019887f3464895529c773bc7d85ddcf34(vulnerabilitylab@mend.io)

https://github.com/debiki/talkyard/commit/b0712915d8a22a20b09a129924e8a29c25ae5761(vulnerabilitylab@mend.io)

https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25981(vulnerabilitylab@mend.io)

https://github.com/debiki/talkyard/commit/b0310df019887f3464895529c773bc7d85ddcf34(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/debiki/talkyard/commit/b0712915d8a22a20b09a129924e8a29c25ae5761(af854a3a-2127-422b-91ae-364da2661108)

https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25981(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.