Moderate severityNVD Advisory· Published Feb 17, 2024· Updated Dec 6, 2024
CVE-2024-21492
CVE-2024-21492
Description
All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers who gain access to an active but supposedly logged-out session can perform unauthorized actions on behalf of the user.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/greenpau/caddy-securityGo | <= 1.1.23 | — |
Affected products
1- Range: 0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- github.com/advisories/GHSA-vp66-gf7w-9m4xghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-21492ghsaADVISORY
- github.com/greenpau/caddy-securityghsaPACKAGE
- blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddyghsaWEB
- github.com/greenpau/caddy-security/issues/272ghsaWEB
- security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-5920787ghsaWEB
- blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/mitre
News mentions
0No linked articles in our index yet.