U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2022-22122

Change History

CVE Modified by Mend 2/02/2022 12:15:11 PM

Action Type Old Value New Value
Removed CVSS V3.1
WhiteSource AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Removed CWE
WhiteSource CWE-613

Changed Description
In Mattermost Focalboard, versions prior to v0.7.5, v0.8.4, v0.9.5, v0.10.1 and v0.11.0-rc1; as used respectively in Mattermost, versions prior to v5.37.6, v5.39.3, v6.0.4, v6.1.1 and v6.2.0, are vulnerable to Insufficient Session Expiration. When a user initiates a logout, their session is not invalidated properly. In addition, user sessions are stored in the browser’s local storage, which by default does not have an expiration time. This makes it possible for an attacker to steal and reuse the cookies using techniques such as XSS attacks, to completely take over a victim account.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This candidate is a reservation duplicate of [CVE-2021-37866]. Notes: All CVE users should reference [CVE-2021-37866] instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Removed Reference
https://github.com/mattermost/focalboard/commit/0142c114e9325722d6c8e8ca00f10f0f34dd0409 [Patch, Third Party Advisory]

Removed Reference
https://github.com/mattermost/focalboard/commit/0ebc9a4be110764a2510bf886531f21e21b079ea [Patch, Third Party Advisory]

Removed Reference
https://github.com/mattermost/focalboard/commit/2f08c6782762e58e008bd50f3892cb1cdd1be539 [Patch, Third Party Advisory]

Removed Reference
https://github.com/mattermost/focalboard/commit/6104de5ba51f79d749b9d5406fde5c2983fc5c5c [Patch, Third Party Advisory]

Removed Reference
https://github.com/mattermost/focalboard/commit/87f4dd224c8736778a8f23788a92471b11da9061 [Patch, Third Party Advisory]

Removed Reference
https://github.com/mattermost/focalboard/commit/a2fab2c1d9b3f61871f6da4dc434a2b19ca9552c [Patch, Third Party Advisory]

Removed Reference
https://github.com/mattermost/mattermost-server/commit/0a042ca05fefa0584045bab1b7dae102360c98c5 [Patch, Third Party Advisory]

Removed Reference
https://github.com/mattermost/mattermost-server/commit/5f7fd34956ad5bf7e3697a920e377e11c16dda06 [Patch, Third Party Advisory]

Removed Reference
https://github.com/mattermost/mattermost-server/commit/6a4c881450973284c3ed98f39bde4809ddd8a758 [Patch, Third Party Advisory]

Removed Reference
https://github.com/mattermost/mattermost-server/commit/74e87ec3e623202a9654ae164e834cfe26dd6ec3 [Patch, Third Party Advisory]

Removed Reference
https://github.com/mattermost/mattermost-server/commit/7bc182de9eebb708d62b828213144a1aa4560fa0 [Patch, Third Party Advisory]

Removed Reference
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-22122 [Exploit, Patch, Third Party Advisory]