CVE-2021-25981
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34, are vulnerable to Insufficient Session Expiration. This may allow an attacker to reuse the admin’s still-valid session token even when logged-out, to gain admin privileges, given the attacker is able to obtain that token (via other, hypothetical attacks)
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| debiki | talkyard | v0.2021.20 < unspecified | affected |
| debiki | talkyard | unspecified <= v0.2021.34 | affected |
Weaknesses
- CWE-613: CWE-613 Insufficient Session Expiration
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/debiki/talkyard/commit/b0310df019887f3464895529c773bc7d85ddcf34
- https://github.com/debiki/talkyard/commit/b0712915d8a22a20b09a129924e8a29c25ae5761
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25981
References
- https://github.com/debiki/talkyard/commit/b0310df019887f3464895529c773bc7d85ddcf34
- https://github.com/debiki/talkyard/commit/b0712915d8a22a20b09a129924e8a29c25ae5761
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25981
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.