All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers who gain access to an active but supposedly logged-out session can perform unauthorized actions on behalf of the user.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2024-02-17T05:00:03.171Z
Updated: 2024-12-06T18:30:09.279Z
Reserved: 2023-12-22T12:33:20.118Z
Link: CVE-2024-21492
Vulnrichment
Updated: 2024-08-01T22:20:40.830Z
NVD
Status : Awaiting Analysis
Published: 2024-02-17T05:15:08.223
Modified: 2024-12-06T19:15:11.520
Link: CVE-2024-21492
Redhat
No data.