8.3

CVE-2023-0227

Exploit

Insufficient Session Expiration in pyload/pyload

Insufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PyloadPyload Version < 2023-01-12
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.66% 0.465
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
security@huntr.dev 8.3 2.8 5.5
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
CWE-613 Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

https://github.com/pyload/pyload/commit/c035714c0596b704b11af0f8a669352f128ad2d9
Patch
Third Party Advisory
https://huntr.dev/bounties/af3101d7-fea6-463a-b7e4-a48be219e31b
Patch
Third Party Advisory
Exploit
Issue Tracking