VYPR
High severityNVD Advisory· Published Oct 20, 2021· Updated Apr 30, 2025

Camaleon CMS - Insufficient Session Expiration after Password Change

CVE-2021-25970

Description

Camaleon CMS 0.1.7 to 2.6.0 doesn’t terminate the active session of the users, even after the admin changes the user’s password. A user that was already logged in, will still have access to the application even after the password was changed.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
camaleon_cmsRubyGems
>= 0.1.7, < 2.6.0.12.6.0.1

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.