VYPR
Unrated severity · NVD Advisory · Published Jan 22, 2020 · Updated Sep 17, 2024

Rapid7 AppSpider Chrome Plugin Insufficient Session Expiration

CVE-2019-5647

Description

The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser sessions active after recording a macro, even after a restart of the Chrome browser. This behavior could make future session hijacking attempts easier, since the user could believe a session was closed when it was not. This issue affects Rapid7 AppSpider version 3.8.213 and prior versions, and is fixed in version 3.8.215.

Affected products

  • Rapid7/Appspider Pro (2 versions)
    • (no CPE) range: <=3.8.213
    • (no CPE) range: 3.8.213

References

1
