GHSA-2q2f-h83x-cx3x
Suggest an improvement- Source
- https://github.com/advisories/GHSA-2q2f-h83x-cx3x
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-2q2f-h83x-cx3x/GHSA-2q2f-h83x-cx3x.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-2q2f-h83x-cx3x
- Aliases
- Published
- 2024-05-14T21:34:44Z
- Modified
- 2024-07-05T21:20:31.255841Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- Reportico Web fails to invalidate cookies upon logout
- Details
-
An issue in Reportico Web before v.8.1.0. This vulnerability arises from the failure of the web application to properly invalidate session cookies upon logout. When a user logs out of the application, the session cookie should be invalidated to prevent unauthorized access. However, due to the oversight in the application's implementation, the session cookie remains active even after logout. Consequently, if an attacker obtains the session cookie, they can exploit it to access the user's session and perform unauthorized actions.
- References
Affected packages
Packagist / reportico-web/reportico
Package
- Name
- reportico-web/reportico
- Purl
- pkg:composer/reportico-web/reportico
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected8.1.0
Affected versions
4.*
4.6
6.*
6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.8
6.0.9
6.0.10
6.0.11
6.0.12
6.0.13
6.0.14
6.0.15
6.0.16
7.*
7.0.1-alpha
7.0.2-alpha
7.0.3-alpha
7.0.4-alpha
7.0.5-alpha
7.0.6-alpha
7.0.7-alpha
7.0.8-alpha
7.0.9-alpha
7.0.10-alpha
7.1.0-alpha
7.1.1-alpha
7.1.2-alpha
7.1.3-alpha
7.1.4-alpha
7.1.5-alpha
7.1.6-alpha
7.1.7-alpha
7.1.8-alpha
7.1.9-alpha
7.1.10-alpha
7.1.11-alpha
7.1.12-alpha
7.1.13-alpha
7.1.14-alpha
7.1.15-alpha
7.1.16-alpha
7.1.17-alpha
7.1.18-alpha
7.1.19-beta
7.1.20-beta
7.1.21-beta
7.1.22-beta
7.1.23-beta
7.1.24-beta
7.1.25-beta
7.1.26-beta
7.1.27-beta
7.1.28-beta
7.1.29-beta
7.1.30-beta
7.1.31-beta
7.1.32-beta
7.1.33-beta
7.1.34-beta
7.1.35-beta
7.1.36-beta
7.1.37-beta
7.1.38-beta
7.1.39-beta
7.1.40-beta
7.1.41-beta
7.1.42-beta
8.*
8.0.1
8.0.2
8.0.3
8.1.0