CVE-2024-48926

LOW Year: 2024
CVSS v3 Score
3.1
Low
Weakness Type
CWE-613
View all →

Vulnerability Description

Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. The Backoffice displays the logout page with a session timeout message before the server session has fully expired, causing users to believe they have been logged out approximately 30 seconds before they actually are. Versions 13.5.2, 10.8,7, and 8.18.15 contain a patch for the issue.

Related Vulnerabilities

CVE-2023-41041

LOW
CVSS:3.1(Low)

Graylog is a free and open log management platform. In a multi-node Graylog cluster, after a user has explicitly logged out, a user session may still be used for API requests until it has reached its ...

CWE-6132023

CVE-2020-13353

LOW
CVSS:3.2(Low)

When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above.

CWE-6132020

CVE-2023-22591

LOW
CVSS:3.2(Low)

IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password re...

CWE-6132023

CVE-2016-0234

LOW
CVSS:3.3(Low)

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser. IBM X-Forc...

CWE-6132016

CVE-2021-27751

LOW
CVSS:3.3(Low)

HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible.

CWE-6132021

CVE-2023-45659

LOW
CVSS:2.8(Low)

Engelsystem is a shift planning system for chaos events. If a users' password is compromised and an attacker gained access to a users' account, i.e., logged in and obtained a session, an attackers' se...

CWE-6132023