Unrated severityNVD Advisory· Published Jan 3, 2022· Updated Aug 3, 2024
Talkyard - Insufficient Session Expiration
CVE-2021-25981
Description
In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34, are vulnerable to Insufficient Session Expiration. This may allow an attacker to reuse the admin’s still-valid session token even when logged-out, to gain admin privileges, given the attacker is able to obtain that token (via other, hypothetical attacks)
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/debiki/talkyard/commit/b0310df019887f3464895529c773bc7d85ddcf34mitrex_refsource_MISC
- github.com/debiki/talkyard/commit/b0712915d8a22a20b09a129924e8a29c25ae5761mitrex_refsource_MISC
- www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25981mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.