| Changed |
Description |
In Mattermost Focalboard, versions prior to v0.7.5, v0.8.4, v0.9.5, v0.10.1 and v0.11.0-rc1; as used respectively in Mattermost, versions prior to v5.37.6, v5.39.3, v6.0.4, v6.1.1 and v6.2.0, are vulnerable to Insufficient Session Expiration. When a user initiates a logout, their session is not invalidated properly. In addition, user sessions are stored in the browser’s local storage, which by default does not have an expiration time. This makes it possible for an attacker to steal and reuse the cookies using techniques such as XSS attacks, to completely take over a victim account.
|
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This candidate is a reservation duplicate of [CVE-2021-37866]. Notes: All CVE users should reference [CVE-2021-37866] instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
|
| Removed |
CVSS V3.1 |
WhiteSource AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
|
| Removed |
CWE |
WhiteSource CWE-613
|
|
| Removed |
Reference |
https://github.com/mattermost/focalboard/commit/0142c114e9325722d6c8e8ca00f10f0f34dd0409 [Patch, Third Party Advisory]
|
|
| Removed |
Reference |
https://github.com/mattermost/focalboard/commit/0ebc9a4be110764a2510bf886531f21e21b079ea [Patch, Third Party Advisory]
|
|
| Removed |
Reference |
https://github.com/mattermost/focalboard/commit/2f08c6782762e58e008bd50f3892cb1cdd1be539 [Patch, Third Party Advisory]
|
|
| Removed |
Reference |
https://github.com/mattermost/focalboard/commit/6104de5ba51f79d749b9d5406fde5c2983fc5c5c [Patch, Third Party Advisory]
|
|
| Removed |
Reference |
https://github.com/mattermost/focalboard/commit/87f4dd224c8736778a8f23788a92471b11da9061 [Patch, Third Party Advisory]
|
|
| Removed |
Reference |
https://github.com/mattermost/focalboard/commit/a2fab2c1d9b3f61871f6da4dc434a2b19ca9552c [Patch, Third Party Advisory]
|
|
| Removed |
Reference |
https://github.com/mattermost/mattermost-server/commit/0a042ca05fefa0584045bab1b7dae102360c98c5 [Patch, Third Party Advisory]
|
|
| Removed |
Reference |
https://github.com/mattermost/mattermost-server/commit/5f7fd34956ad5bf7e3697a920e377e11c16dda06 [Patch, Third Party Advisory]
|
|
| Removed |
Reference |
https://github.com/mattermost/mattermost-server/commit/6a4c881450973284c3ed98f39bde4809ddd8a758 [Patch, Third Party Advisory]
|
|
| Removed |
Reference |
https://github.com/mattermost/mattermost-server/commit/74e87ec3e623202a9654ae164e834cfe26dd6ec3 [Patch, Third Party Advisory]
|
|
| Removed |
Reference |
https://github.com/mattermost/mattermost-server/commit/7bc182de9eebb708d62b828213144a1aa4560fa0 [Patch, Third Party Advisory]
|
|
| Removed |
Reference |
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22122 [Exploit, Patch, Third Party Advisory]
|
|
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
