
CVE-2020-18701 lin-cms

Package

Manager: pip
Name: lin-cms
Vulnerable Version: =0.1.1a1 || =0.1.1a2 || =0.1.1a3 || =0.1.1a4 || =0.1.1a5 || =0.1.1a6 || =0.1.1a7 || =0.1.1a8 || =0.1.1b1 || =0.1.1b2 || =0.1.1b3 || =0.1.1b4 || =0.2.0b1 || =0.2.0b2 || =0.2.0b3 || =0.3.0a10 || =0.3.0a2 || =0.3.0a3 || =0.3.0a4 || =0.3.0a5 || =0.3.0a6 || =0.3.0a7 || =0.3.0a8 || =0.3.0a9 || =0.3.1 || =0.4.0 || =0.4.2 || =0.4.3 || =0.4.4 || =0.4.5 || =0.4.6 || =0.4.7 || =0.4.8 || =0.4.10 || =0.4.9

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.01238 (percentile: 0.78448)

Details

Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets.

Metadata

Created: 2021-08-16T18:15:00Z
Modified: 2023-11-08T04:02:44.284517Z
Source: https://osv-vulnerabilities
CWE IDs: N/A
Alternative ID: N/A
Finding: F039
Auto approve: 1