5
CVE-2026-24667
- EPSS 0.13%
- Veröffentlicht 03.02.2026 16:59:32
- Zuletzt bearbeitet 10.02.2026 18:35:19
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginOpen eClass's Active Sessions Not Invalidated After Password Change Allow Persistent Account Access
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, failure to invalidate active user sessions after a password change allows existing session tokens to remain valid, potentially enabling unauthorized continued access to user accounts. This issue has been patched in version 4.2.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Gunet ≫ Open Eclass Platform Version < 4.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.028 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 5 | 1.6 | 3.4 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
|
CWE-613 Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
https://github.com/gunet/openeclass/security/advisories/GHSA-5h73-53mh-m224