CWE-613: Insufficient Session Expiration #135

Open
lujiefsi opened this issue Dec 7, 2022 · 0 comments

lujiefsi commented Dec 7, 2022

Please check open issues before creating a new one to avoid duplicates.

  • Are you running a release or master: master
  • Issue is about a fresh instance (no data in db) or restart: a fresh instance

It seems that we do not invalidate the user session after logout.

  • Reproduce: we open two pages as the same user, we log out in one page, but we can still do any operation in another page.
  • This also could allow an authenticated remote attacker to hijack other users' sessions.
  • Similar CVEs: CVE-2022-34334, CVE-2022-33137, CVE-2022-31677
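
Added example, not part of the issue and not the project's code: a regression check for the reproduce step above, comparing a logout that only clears the browser cookie with one that deletes the server-side session record. It assumes a server-side session table keyed by token; `SessionStore`, `token_survives_logout` and the user `alice` are hypothetical names.

```python
import secrets


class SessionStore:
    """In-memory server-side session table (hypothetical, for illustration)."""

    def __init__(self, invalidate_on_logout):
        self.invalidate_on_logout = invalidate_on_logout
        self._sessions = {}  # token -> username

    def login(self, username):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = username
        return token

    def logout(self, token):
        # Weak variant: the server only tells the browser to drop its cookie
        # and keeps the session record, so the token stays valid.
        # Corrected variant: the record is deleted on the server as well.
        if self.invalidate_on_logout:
            self._sessions.pop(token, None)
        return {"Set-Cookie": "session=; Max-Age=0"}

    def authenticate(self, token):
        """Return the username for a live session, or None."""
        return self._sessions.get(token)


def token_survives_logout(store):
    """Reproduce step as a check: two pages share a session, one logs out."""
    token = store.login("alice")   # constructed sample user
    page_a = page_b = token        # both pages hold the same session token
    store.logout(page_a)           # page A logs out
    # Page B sends another request with the token it still holds.
    return store.authenticate(page_b) is not None


if __name__ == "__main__":
    print("cookie-only logout, token still valid:",
          token_survives_logout(SessionStore(invalidate_on_logout=False)))
    print("server-side logout, token still valid:",
          token_survives_logout(SessionStore(invalidate_on_logout=True)))
```

A check of this shape belongs in the test suite of the logout handler, so that a token issued before logout is always rejected afterwards.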