GHSA-438x-2p9v-g8h9

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-438x-2p9v-g8h9/GHSA-438x-2p9v-g8h9.json
Aliases
  • CVE-2021-25970
Published
2022-05-24T22:28:10Z
Modified
2023-01-31T02:38:07.937112Z
Details

Camaleon CMS 0.1.7 through 2.6.0 doesn’t terminate the active session of the users, even after the admin changes the user’s password. A user that was already logged in, will still have access to the application even after the password was changed.

References

Affected packages

RubyGems / camaleon_cms

camaleon_cms

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.1.7
Fixed
2.6.0.1

Affected versions

0.*

0.1.7
0.1.8
0.1.9
0.2.0
0.2.1

1.*

1.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.1.0

2.*

2.0.1
2.0.2
2.0.3
2.0.4
2.0.4.1
2.1.0
2.1.1
2.1.1.4
2.1.2.0
2.1.2.1
2.2.0
2.2.1
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.7.1
2.3.7.2
2.4.0
2.4.1
2.4.2
2.4.3
2.4.3.1
2.4.3.10
2.4.3.11
2.4.3.12
2.4.3.13
2.4.3.2
2.4.3.3
2.4.3.4
2.4.3.5
2.4.3.6
2.4.3.7
2.4.3.8
2.4.3.9
2.4.4
2.4.4.1
2.4.4.2
2.4.4.3
2.4.4.4
2.4.4.5
2.4.4.6
2.4.4.7
2.4.5
2.4.5.1
2.4.5.10
2.4.5.11
2.4.5.12
2.4.5.13
2.4.5.14
2.4.5.2
2.4.5.3
2.4.5.4
2.4.5.5
2.4.5.7
2.4.5.8
2.4.5.9
2.4.6.0
2.4.6.1
2.4.6.2
2.4.6.3
2.4.6.4
2.4.6.5
2.4.6.6
2.4.6.7
2.4.6.8
2.4.6.9
2.5.0
2.5.1
2.5.2
2.5.3
2.5.3.1
2.6.0