CVE-2021-25981

Sažetak

In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34, are vulnerable to Insufficient Session Expiration. This may allow an attacker to reuse the admin’s still-valid session token even when logged-out, to gain admin privileges, given the attacker is able to obtain that token (via other, hypothetical attacks)

Reference

https://github.com/debiki/talkyard/commit/b0310df019887f3464895529c773bc7d85ddcf34
https://github.com/debiki/talkyard/commit/b0712915d8a22a20b09a129924e8a29c25ae5761
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25981

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

14-01-2022 - 18:26

Objavljeno

03-01-2022 - 07:15