CVE-2021-22136

LOW Year: 2021
CVSS v3 Score
3.5
Low
CVSS v2 Score
3.6
Low
Weakness Type
CWE-613
View all →

Vulnerability Description

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session from timing out.

Related Vulnerabilities

CVE-2021-34428

LOW
CVSS:3.5(Low)

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manag...

CWE-6132021

CVE-2022-24744

LOW
CVSS:3.5(Low)

Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions user sessions are not logged out if the password is reset via password r...

CWE-6132022

CVE-2016-0234

LOW
CVSS:3.3(Low)

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser. IBM X-Forc...

CWE-6132016

CVE-2021-27751

LOW
CVSS:3.3(Low)

HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible.

CWE-6132021

CVE-2024-22403

LOW
CVSS:3.7(Low)

Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an authorization code they could authenticate at any time...

CWE-6132024

CVE-2020-13353

LOW
CVSS:3.2(Low)

When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above.

CWE-6132020