Vulnerabilities > CVE-2022-25590 - Insufficient Session Expiration vulnerability in Surveyking 0.2.0

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

surveyking

CWE-613

NVD

Published: 2022-03-25

Updated: 2022-03-31

Summary

SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the application.

Vulnerable Configurations

Part	Description	Count
Application	Surveyking Surveyking Surveyking 0.2.0	1

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://github.com/javahuang/SurveyKing/issues/7
http://surveyking.com
https://github.com/javahuang/SurveyKing