CVE-2023-49091

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-49091
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49091.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-49091
Related
  • GHSA-hpvm-x7m8-3c6x
Published
2023-11-29T20:15:08Z
Modified
2025-01-22T08:49:46.784026Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Cosmos provides users the ability to self-host a home server by acting as a secure gateway to your application, as well as a server manager. Cosmos-server is vulnerable because the authorization header used for user login remains valid and does not expire after logout. This vulnerability allows an attacker to use the token to gain unauthorized access to the application/system even after the user has logged out. This issue has been patched in version 0.13.1.

Affected packages

Git / github.com/azukaar/cosmos-server

Affected ranges

Type
GIT
Repo
https://github.com/azukaar/cosmos-server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.1.15
v0.1.16
v0.1.17
v0.10.0
v0.10.0-unstable
v0.10.0-unstable1
v0.10.0-unstable10
v0.10.0-unstable11
v0.10.0-unstable12
v0.10.0-unstable13
v0.10.0-unstable14
v0.10.0-unstable15
v0.10.0-unstable16
v0.10.0-unstable17
v0.10.0-unstable18
v0.10.0-unstable19
v0.10.0-unstable2
v0.10.0-unstable20
v0.10.0-unstable21
v0.10.0-unstable22
v0.10.0-unstable23
v0.10.0-unstable24
v0.10.0-unstable25
v0.10.0-unstable26
v0.10.0-unstable27
v0.10.0-unstable28
v0.10.0-unstable29
v0.10.0-unstable3
v0.10.0-unstable30
v0.10.0-unstable31
v0.10.0-unstable4
v0.10.0-unstable5
v0.10.0-unstable6
v0.10.0-unstable7
v0.10.0-unstable8
v0.10.0-unstable9
v0.10.1
v0.10.1-unstable
v0.10.1-unstable2
v0.10.1-unstable3
v0.10.2
v0.10.3
v0.10.4
v0.10.4-unstable
v0.10.4-unstable2
v0.10.4-unstable3
v0.10.4-unstable4
v0.11.0
v0.11.0-unstable
v0.11.0-unstable2
v0.11.0-unstable3
v0.11.0-unstable4
v0.11.0-unstable5
v0.11.1
v0.11.2
v0.11.3
v0.12.0
v0.12.0-unstable
v0.12.0-unstable10
v0.12.0-unstable11
v0.12.0-unstable12
v0.12.0-unstable13
v0.12.0-unstable14
v0.12.0-unstable15
v0.12.0-unstable16
v0.12.0-unstable17
v0.12.0-unstable18
v0.12.0-unstable19
v0.12.0-unstable2
v0.12.0-unstable20
v0.12.0-unstable21
v0.12.0-unstable22
v0.12.0-unstable23
v0.12.0-unstable24
v0.12.0-unstable25
v0.12.0-unstable26
v0.12.0-unstable27
v0.12.0-unstable28
v0.12.0-unstable29
v0.12.0-unstable3
v0.12.0-unstable30
v0.12.0-unstable31
v0.12.0-unstable32
v0.12.0-unstable33
v0.12.0-unstable34
v0.12.0-unstable35
v0.12.0-unstable36
v0.12.0-unstable37
v0.12.0-unstable38
v0.12.0-unstable39
v0.12.0-unstable4
v0.12.0-unstable40
v0.12.0-unstable41
v0.12.0-unstable42
v0.12.0-unstable43
v0.12.0-unstable44
v0.12.0-unstable45
v0.12.0-unstable46
v0.12.0-unstable47
v0.12.0-unstable48
v0.12.0-unstable49
v0.12.0-unstable5
v0.12.0-unstable50
v0.12.0-unstable51
v0.12.0-unstable6
v0.12.0-unstable7
v0.12.0-unstable8
v0.12.0-unstable9
v0.12.1
v0.12.2
v0.12.3
v0.12.4
v0.12.5
v0.12.6
v0.12.6-unstable
v0.13.0
v0.13.0-unstable0
v0.13.0-unstable1
v0.13.0-unstable10
v0.13.0-unstable11
v0.13.0-unstable2
v0.13.0-unstable3
v0.13.0-unstable4
v0.13.0-unstable5
v0.13.0-unstable6
v0.13.0-unstable7
v0.13.0-unstable8
v0.13.0-unstable9
v0.2.0
v0.3.0-unstable
v0.3.0-unstable4
v0.3.1
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.4.0
v0.4.0-unstable
v0.4.0-unstable10
v0.4.0-unstable11
v0.4.0-unstable12
v0.4.0-unstable2
v0.4.0-unstable3
v0.4.0-unstable4
v0.4.0-unstable5
v0.4.0-unstable6
v0.4.0-unstable7
v0.4.0-unstable8
v0.4.0-unstable9
v0.4.1
v0.4.2
v0.4.3
v0.5.0
v0.5.0-unstable
v0.5.0-unstable10
v0.5.0-unstable11
v0.5.0-unstable12
v0.5.0-unstable13
v0.5.0-unstable14
v0.5.0-unstable15
v0.5.0-unstable16
v0.5.0-unstable17
v0.5.0-unstable18
v0.5.0-unstable19
v0.5.0-unstable2
v0.5.0-unstable20
v0.5.0-unstable21
v0.5.0-unstable22
v0.5.0-unstable23
v0.5.0-unstable24
v0.5.0-unstable25
v0.5.0-unstable26
v0.5.0-unstable27
v0.5.0-unstable28
v0.5.0-unstable29
v0.5.0-unstable3
v0.5.0-unstable30
v0.5.0-unstable4
v0.5.0-unstable5
v0.5.0-unstable6
v0.5.0-unstable7
v0.5.0-unstable8
v0.5.0-unstable9
v0.5.1
v0.5.12
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.5.7-unstable
v0.5.8
v0.5.9
v0.6.0
v0.6.0-unstable
v0.6.0-unstable2
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.6.4-unstable
v0.7.0
v0.7.0-unstable
v0.7.0-unstable2
v0.7.0-unstable3
v0.7.1
v0.7.10
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.7.7
v0.7.8
v0.7.9
v0.8.0
v0.8.0-unstable
v0.8.0-unstable10
v0.8.0-unstable11
v0.8.0-unstable12
v0.8.0-unstable2
v0.8.0-unstable3
v0.8.0-unstable4
v0.8.0-unstable5
v0.8.0-unstable7
v0.8.0-unstable8
v0.8.0-unstable9
v0.8.1
v0.8.10
v0.8.11
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.8.7
v0.8.8
v0.8.9
v0.9.0
v0.9.0-unstable
v0.9.0-unstable10
v0.9.0-unstable11
v0.9.0-unstable12
v0.9.0-unstable13
v0.9.0-unstable2
v0.9.0-unstable3
v0.9.0-unstable4
v0.9.0-unstable5
v0.9.0-unstable6
v0.9.0-unstable7
v0.9.0-unstable8
v0.9.0-unstable9
v0.9.1
v0.9.10
v0.9.11
v0.9.12
v0.9.13
v0.9.14
v0.9.15
v0.9.16
v0.9.17
v0.9.18
v0.9.19
v0.9.19-unstable
v0.9.2
v0.9.20
v0.9.21
v0.9.3
v0.9.4
v0.9.5
v0.9.6
v0.9.7
v0.9.8
v0.9.9