CVE-2022-2713 – aheinze/cockpit
Package
Manager: composer
Name: aheinze/cockpit
Vulnerable Version: >=0 <2.2.0
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.01039 (percentile 0.76578)
Details
Cockpit before 2.2.0 vulnerable to Insufficient Session Expiration
Cockpit before version 2.2.0 is vulnerable to Insufficient Session Expiration. The application does not validate requests after password changes, allowing a user to change their account details even after an admin changes their password.
Metadata
Created: 2022-08-09T00:00:25Z
Modified: 2022-08-18T19:14:08Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-vm6p-35rw-3fxc/GHSA-vm6p-35rw-3fxc.json
CWE IDs: ["CWE-613"]
Alternative ID: GHSA-vm6p-35rw-3fxc
Finding: F076
Auto approve: 1