CVE-2021-25981
- Source
- https://cve.org/CVERecord?id=CVE-2021-25981
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25981.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-25981
- Published
- 2022-01-03T07:15:06.943Z
- Modified
- 2026-04-10T04:31:12.054188Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34, are vulnerable to Insufficient Session Expiration. This may allow an attacker to reuse the admin’s still-valid session token even when logged-out, to gain admin privileges, given the attacker is able to obtain that token (via other, hypothetical attacks)
- References
Affected packages
Git / github.com/debiki/talkyard
Affected versions
tyse-v0.*
tyse-v0.2021.20-33a06102f-regular
tyse-v0.2021.20-WIP-33a06102f-dev
tyse-v0.2021.21-15177b939-regular
tyse-v0.2021.21-WIP-15177b939-dev
tyse-v0.2021.22-636270da5-regular
tyse-v0.2021.22-WIP-636270da5-dev
tyse-v0.2021.23-8ddc736ad-regular
tyse-v0.2021.23-WIP-8ddc736ad-dev
tyse-v0.2021.24-WIP-bb6e05390-dev
tyse-v0.2021.24-bb6e05390-regular
tyse-v0.2021.25-WIP-b73f32922-dev
tyse-v0.2021.25-b73f32922-regular
tyse-v0.2021.26-WIP-fc86e0436-dev
tyse-v0.2021.27-3e9e549c2-regular
tyse-v0.2021.27-WIP-3e9e549c2-dev
tyse-v0.2021.28-WIP-af66b6905-dev
tyse-v0.2021.28-af66b6905-regular
tyse-v0.2021.29-8cb7f73fe-regular
tyse-v0.2021.29-WIP-8cb7f73fe-dev
tyse-v0.2021.30-463dc6017-regular
tyse-v0.2021.30-WIP-463dc6017-dev
tyse-v0.2021.31-WIP-f93d78122-dev
tyse-v0.2021.31-f93d78122-regular
tyse-v0.2021.32-941eff7aa-regular
tyse-v0.2021.32-WIP-941eff7aa-dev
tyse-v0.2021.33-2d094dfcc-regular
tyse-v0.2021.33-WIP-2d094dfcc-dev
tyse-v0.2021.34-WIP-36576003a-dev