GHSA-438x-2p9v-g8h9

Suggest an improvement
Source
https://github.com/advisories/GHSA-438x-2p9v-g8h9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-438x-2p9v-g8h9/GHSA-438x-2p9v-g8h9.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-438x-2p9v-g8h9
Aliases
Published
2022-05-24T22:28:10Z
Modified
2023-11-08T04:05:19.187673Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Camaleon CMS Insufficient Session Expiration vulnerability
Details

Camaleon CMS 0.1.7 through 2.6.0 doesn’t terminate the active session of the users, even after the admin changes the user’s password. A user that was already logged in, will still have access to the application even after the password was changed. Resolved in commit 77e31bc6cdde7c951fba104aebcd5ebb3f02b030 which is included in the 2.6.0.1 release.

Database specific 
{
    "nvd_published_at": "2021-10-20T12:15:00Z",
    "github_reviewed_at": "2023-01-24T15:59:43Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-613"
    ]
}
References

Affected packages

RubyGems / camaleon_cms

Package

Name
camaleon_cms
Purl
pkg:gem/camaleon_cms

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.1.7
Fixed
2.6.0.1

Affected versions

0.*

0.1.7
0.1.8
0.1.9
0.2.0
0.2.1

1.*

1.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.1.0

2.*

2.0.1
2.0.2
2.0.3
2.0.4
2.0.4.1
2.1.0
2.1.1
2.1.1.4
2.1.2.0
2.1.2.1
2.2.0
2.2.1
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.7.1
2.3.7.2
2.4.0
2.4.1
2.4.2
2.4.3
2.4.3.1
2.4.3.2
2.4.3.3
2.4.3.4
2.4.3.5
2.4.3.6
2.4.3.7
2.4.3.8
2.4.3.9
2.4.3.10
2.4.3.11
2.4.3.12
2.4.3.13
2.4.4
2.4.4.1
2.4.4.2
2.4.4.3
2.4.4.4
2.4.4.5
2.4.4.6
2.4.4.7
2.4.5
2.4.5.1
2.4.5.2
2.4.5.3
2.4.5.4
2.4.5.5
2.4.5.7
2.4.5.8
2.4.5.9
2.4.5.10
2.4.5.11
2.4.5.12
2.4.5.13
2.4.5.14
2.4.6.0
2.4.6.1
2.4.6.2
2.4.6.3
2.4.6.4
2.4.6.5
2.4.6.6
2.4.6.7
2.4.6.8
2.4.6.9
2.5.0
2.5.1
2.5.2
2.5.3
2.5.3.1
2.6.0