GHSA-2q2f-h83x-cx3x

Suggest an improvement
Source
https://github.com/advisories/GHSA-2q2f-h83x-cx3x
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-2q2f-h83x-cx3x/GHSA-2q2f-h83x-cx3x.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-2q2f-h83x-cx3x
Aliases
Published
2024-05-14T21:34:44Z
Modified
2024-07-05T21:20:31.255841Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
Reportico Web fails to invalidate cookies upon logout
Details

An issue in Reportico Web before v.8.1.0. This vulnerability arises from the failure of the web application to properly invalidate session cookies upon logout. When a user logs out of the application, the session cookie should be invalidated to prevent unauthorized access. However, due to the oversight in the application's implementation, the session cookie remains active even after logout. Consequently, if an attacker obtains the session cookie, they can exploit it to access the user's session and perform unauthorized actions.

Database specific
{
    "nvd_published_at": "2024-05-14T21:15:12Z",
    "cwe_ids": [
        "CWE-269",
        "CWE-613"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-14T22:32:09Z"
}
References

Affected packages

Packagist / reportico-web/reportico

Package

Name
reportico-web/reportico
Purl
pkg:composer/reportico-web/reportico

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
8.1.0

Affected versions

4.*

4.6

6.*

6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.8
6.0.9
6.0.10
6.0.11
6.0.12
6.0.13
6.0.14
6.0.15
6.0.16

7.*

7.0.1-alpha
7.0.2-alpha
7.0.3-alpha
7.0.4-alpha
7.0.5-alpha
7.0.6-alpha
7.0.7-alpha
7.0.8-alpha
7.0.9-alpha
7.0.10-alpha
7.1.0-alpha
7.1.1-alpha
7.1.2-alpha
7.1.3-alpha
7.1.4-alpha
7.1.5-alpha
7.1.6-alpha
7.1.7-alpha
7.1.8-alpha
7.1.9-alpha
7.1.10-alpha
7.1.11-alpha
7.1.12-alpha
7.1.13-alpha
7.1.14-alpha
7.1.15-alpha
7.1.16-alpha
7.1.17-alpha
7.1.18-alpha
7.1.19-beta
7.1.20-beta
7.1.21-beta
7.1.22-beta
7.1.23-beta
7.1.24-beta
7.1.25-beta
7.1.26-beta
7.1.27-beta
7.1.28-beta
7.1.29-beta
7.1.30-beta
7.1.31-beta
7.1.32-beta
7.1.33-beta
7.1.34-beta
7.1.35-beta
7.1.36-beta
7.1.37-beta
7.1.38-beta
7.1.39-beta
7.1.40-beta
7.1.41-beta
7.1.42-beta

8.*

8.0.1
8.0.2
8.0.3
8.1.0