All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers who gain access to an active but supposedly logged-out session can perform unauthorized actions on behalf of the user.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2024-02-17T05:00:03.171Z

Updated: 2024-12-06T18:30:09.279Z

Reserved: 2023-12-22T12:33:20.118Z

Link: CVE-2024-21492

cve-icon Vulnrichment

Updated: 2024-08-01T22:20:40.830Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-02-17T05:15:08.223

Modified: 2024-12-06T19:15:11.520

Link: CVE-2024-21492

cve-icon Redhat

No data.