How severe is CVE-2023-32318?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2023-32318?

This is classified as CWE-613, which is a common weakness in software security.

CVE-2023-32318 - MEDIUM Severity | CVSS 6.7

Vulnerability Description

Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other account the previous session would be continued and the attacker would be authenticated as the previously logged in user. It is recommended that the Nextcloud Server is upgraded to 25.0.6 or 26.0.1.

Related Vulnerabilities

CVE-2019-11106

MEDIUM

CVSS:6.7(Medium)

Insufficient session validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to ...

CWE-6132019

CVE-2020-15218

MEDIUM

CVSS:6.8(Medium)

Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, admin pages are cached, so that their content is visible after deconnection by using the browser back b...

CWE-6132020

CVE-2020-15774

MEDIUM

CVSS:6.8(Medium)

An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. An attacker with physical access to the browser of a user who has recently logged in to Gradle Enterprise and since closed their browser...

CWE-6132020

CVE-2023-1543

MEDIUM

CVSS:6.8(Medium)

Insufficient Session Expiration in GitHub repository answerdev/answer prior to 1.0.6.

CWE-6132023

CVE-2024-11627

MEDIUM

CVSS:6.8(Medium)

: Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1....

CWE-6132024

CVE-2018-2451

MEDIUM

CVSS:6.6(Medium)

XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a p...

CWE-6132018