Vulnerabilities > Insufficient Session Expiration

DATE CVE VULNERABILITY TITLE RISK
2021-07-07 CVE-2021-26037 Insufficient Session Expiration vulnerability in Joomla Joomla!
An issue was discovered in Joomla! 2.5.0 through 3.9.27.
network
low complexity
joomla CWE-613
5.3
2021-06-22 CVE-2021-34428 Insufficient Session Expiration vulnerability in multiple products
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager.
3.5
2021-06-08 CVE-2021-22221 Insufficient Session Expiration vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, all versions starting from 13.12.0 before 13.12.2.
network
low complexity
gitlab CWE-613
6.5
2021-06-03 CVE-2021-32923 Insufficient Session Expiration vulnerability in Hashicorp Vault
HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use.
network
high complexity
hashicorp CWE-613
7.4
2021-05-27 CVE-2020-10709 Insufficient Session Expiration vulnerability in Redhat Ansible Tower
A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application.
local
low complexity
redhat CWE-613
7.1
2021-05-13 CVE-2021-22136 Insufficient Session Expiration vulnerability in Elastic Kibana
In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected.
low complexity
elastic CWE-613
3.5
2021-04-23 CVE-2021-31408 Insufficient Session Expiration vulnerability in Vaadin Flow and Vaadin
Authentication.logout() helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the user attempted to log out.
local
low complexity
vaadin CWE-613
7.1
2021-03-15 CVE-2020-35358 Insufficient Session Expiration vulnerability in Domainmod 4.15.0
DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability.
network
low complexity
domainmod CWE-613
critical
9.8
2021-03-07 CVE-2009-20001 Insufficient Session Expiration vulnerability in Mantisbt
An issue was discovered in MantisBT before 2.24.5.
network
low complexity
mantisbt CWE-613
8.1
2021-02-27 CVE-2021-3144 Insufficient Session Expiration vulnerability in multiple products
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration.
network
low complexity
saltstack fedoraproject debian CWE-613
critical
9.1