How severe is CVE-2023-45659?

This vulnerability has a severity rating of LOW with a CVSS score of 2.8 out of 10.

What type of vulnerability is CVE-2023-45659?

This is classified as CWE-613, which is a common weakness in software security.

CVE-2023-45659

LOW Year: 2023

CVSS v3 Score

2.8

Low

Weakness Type

CWE-613

View all →

Vulnerability Description

Engelsystem is a shift planning system for chaos events. If a users' password is compromised and an attacker gained access to a users' account, i.e., logged in and obtained a session, an attackers' session is not terminated if the users' account password is reset. This vulnerability has been fixed in the commit `dbb089315ff3d`. Users are advised to update their installations. There are no known workarounds for this vulnerability.

CVE-2022-4070

LOW

CVSS:2.7(Low)

Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0.

CWE-6132022

CVE-2020-25374

LOW

CVSS:2.6(Low)

CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time.

CWE-6132020

CVE-2024-7998

LOW

CVSS:2.6(Low)

In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which could result in them using the maximum lifespan.

CWE-6132024

CVE-2023-41041

LOW

CVSS:3.1(Low)

Graylog is a free and open log management platform. In a multi-node Graylog cluster, after a user has explicitly logged out, a user session may still be used for API requests until it has reached its ...

CWE-6132023

CVE-2024-48926

LOW

CVSS:3.1(Low)

Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18...