CVE-2024-56733

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-56733
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56733.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-56733
Aliases
Published
2024-12-30T16:46:37Z
Modified
2025-10-22T18:44:46.235966Z
Severity
  • 5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
Password Pusher Allows Session Token Interception Leading to Potential Hijacking
Details

Password Pusher is an open source application to communicate sensitive information over the web. A vulnerability has been reported in versions 1.50.3 and prior where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token is replaced and invalidated upon logout, if an attacker manages to capture the session cookie before this process, they can use the token to gain unauthorized access to the user's session until the token expires or is manually cleared. This vulnerability hinges on the attacker's ability to access the session cookie during an active session, either through a man-in-the-middle attack, by exploiting another vulnerability like XSS, or via direct access to the victim's device. Although there is no direct resolution to this vulnerability, it is recommended to always use the latest version of Password Pusher to best mitigate risk. If self-hosting, ensure Password Pusher is hosted exclusively over SSL connections to encrypt traffic and prevent session cookies from being intercepted in transit. Additionally, implement best practices in local security to safeguard user systems, browsers, and data against unauthorized access.

Database specific 
{
    "cwe_ids": [
        "CWE-384"
    ]
}
References

Affected packages

Git / github.com/pglombardo/passwordpusher

Affected ranges

Type
GIT
Repo
https://github.com/pglombardo/passwordpusher
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f3c5a2a552af0fa61108b91a6ab6662d3b91ebf2

Affected versions

Other

release

v1.*

v1.10.0
v1.10.1
v1.10.2
v1.10.3
v1.10.4
v1.11.0
v1.11.1
v1.11.10
v1.11.11
v1.11.12
v1.11.2
v1.11.3
v1.11.4
v1.11.5
v1.11.6
v1.11.7
v1.11.8
v1.11.8.1
v1.11.9
v1.12.0
v1.13.0
v1.14.0
v1.14.1
v1.14.2
v1.14.3
v1.15.0
v1.15.1
v1.16.0
v1.16.1
v1.17.0
v1.17.1
v1.17.10
v1.17.11
v1.17.12
v1.17.13
v1.17.14
v1.17.15
v1.17.2
v1.17.3
v1.17.4
v1.17.5
v1.17.6
v1.17.7
v1.17.8
v1.17.9
v1.18.0
v1.19.0
v1.19.1
v1.20.0
v1.20.1
v1.20.2
v1.20.3
v1.20.4
v1.20.5
v1.20.6
v1.20.7
v1.21.0
v1.22.0
v1.22.1
v1.22.2
v1.22.3
v1.23.0
v1.23.1
v1.23.10
v1.23.2
v1.23.3
v1.23.4
v1.23.5
v1.23.6
v1.23.7
v1.23.8
v1.23.9
v1.24.0
v1.24.1
v1.24.2
v1.24.3
v1.24.4
v1.24.5
v1.24.6
v1.24.7
v1.24.8
v1.25.0
v1.25.1
v1.25.2
v1.25.3
v1.25.4
v1.25.5
v1.25.6
v1.25.7
v1.25.8
v1.26.0
v1.26.1
v1.26.10
v1.26.11
v1.26.12
v1.26.13
v1.26.14
v1.26.15
v1.26.16
v1.26.17
v1.26.18
v1.26.2
v1.26.3
v1.26.4
v1.26.5
v1.26.6
v1.26.7
v1.26.8
v1.26.9
v1.27.0
v1.28.0
v1.28.1
v1.28.10
v1.28.11
v1.28.12
v1.28.13
v1.28.14
v1.28.2
v1.28.2.rc1
v1.28.2.rc2
v1.28.3
v1.28.4
v1.28.5
v1.28.6
v1.28.7
v1.28.8
v1.28.9
v1.29.0
v1.29.1
v1.29.2
v1.29.3
v1.30.0
v1.30.1
v1.30.10
v1.30.11
v1.30.12
v1.30.13
v1.30.2
v1.30.3
v1.30.4
v1.30.5
v1.30.6
v1.30.7
v1.30.8
v1.30.9
v1.31.0
v1.31.1
v1.31.2
v1.31.3
v1.31.4
v1.31.5
v1.31.6
v1.31.7
v1.31.8
v1.32.0
v1.32.1
v1.32.2
v1.32.3
v1.32.4
v1.32.5
v1.32.6
v1.32.7
v1.32.8
v1.32.9
v1.33.0
v1.34.0
v1.34.1
v1.34.2
v1.34.3
v1.34.4
v1.34.5
v1.35.0
v1.35.1
v1.35.2
v1.36.0
v1.36.1
v1.36.2
v1.36.3
v1.36.4
v1.36.5
v1.36.6
v1.36.7
v1.36.8
v1.36.9
v1.37.0
v1.37.1
v1.37.10
v1.37.11
v1.37.12
v1.37.2
v1.37.3
v1.37.4
v1.37.5
v1.37.6
v1.37.7
v1.37.8
v1.37.9
v1.38.0
v1.38.1
v1.39.0
v1.39.1
v1.39.2
v1.39.3
v1.39.4
v1.39.5
v1.39.6
v1.39.7
v1.39.8
v1.39.9
v1.40.0
v1.40.1
v1.40.10
v1.40.11
v1.40.12
v1.40.13
v1.40.14
v1.40.15
v1.40.2
v1.40.3
v1.40.4
v1.40.5
v1.40.6
v1.40.7
v1.40.8
v1.40.9
v1.41.0
v1.41.1
v1.41.10
v1.41.11
v1.41.12
v1.41.13
v1.41.14
v1.41.15
v1.41.2
v1.41.3
v1.41.4
v1.41.5
v1.41.6
v1.41.7
v1.41.8
v1.41.9
v1.42.0
v1.42.1
v1.42.2
v1.43.0
v1.43.1
v1.44.0
v1.45.0
v1.45.1
v1.45.10
v1.45.11
v1.45.2
v1.45.3
v1.45.4
v1.45.5
v1.45.6
v1.45.7
v1.45.8
v1.45.9
v1.46.0
v1.46.1
v1.46.2
v1.46.3
v1.47.0
v1.47.1
v1.47.2
v1.47.3
v1.47.4
v1.48.0
v1.48.1
v1.48.2
v1.49.0
v1.49.1
v1.49.2
v1.49.3
v1.49.4
v1.50.0
v1.50.1
v1.50.2
v1.50.3
v1.6.0
v1.7.0
v1.8.0
v1.9.0
v1.9.1