Vulnerabilities > Insufficient Session Expiration

DATE CVE VULNERABILITY TITLE RISK
2021-06-03 CVE-2021-32923 Insufficient Session Expiration vulnerability in HashiCorp Vault
HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use.
network
high complexity
hashicorp CWE-613
7.4
2021-05-27 CVE-2020-10709 Insufficient Session Expiration vulnerability in Red Hat Ansible Tower
A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application.
local
low complexity
redhat CWE-613
7.1
2021-05-13 CVE-2021-22136 Insufficient Session Expiration vulnerability in Elastic Kibana
In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected.
low complexity
elastic CWE-613
3.5
2021-04-23 CVE-2021-31408 Insufficient Session Expiration vulnerability in Vaadin Flow and Vaadin
The Authentication.logout() helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses an incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the user attempted to log out.
local
low complexity
vaadin CWE-613
7.1
2021-03-15 CVE-2020-35358 Insufficient Session Expiration vulnerability in DomainMOD 4.15.0
DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability.
network
low complexity
domainmod CWE-613
critical
9.8
2021-03-07 CVE-2009-20001 Insufficient Session Expiration vulnerability in MantisBT
An issue was discovered in MantisBT before 2.24.5.
network
low complexity
mantisbt CWE-613
8.1
2021-02-27 CVE-2021-3144 Insufficient Session Expiration vulnerability in multiple products
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration.
network
low complexity
saltstack fedoraproject debian CWE-613
critical
9.1
2021-02-19 CVE-2021-27351 Insufficient Session Expiration vulnerability in Telegram
The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through 2.4.7 for Windows and UNIX, fails to invalidate a recently active session.
network
low complexity
telegram CWE-613
5.3
2021-02-09 CVE-2021-26921 Insufficient Session Expiration vulnerability in Argoproj Argo CD
In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled.
network
low complexity
argoproj CWE-613
6.5
2021-02-09 CVE-2020-4995 Insufficient Session Expiration vulnerability in IBM Security Identity Governance and Intelligence 5.2.6
IBM Security Identity Governance and Intelligence 5.2.6 does not invalidate the session after logout, which could allow a user to obtain sensitive information from another user's session.
network
low complexity
ibm CWE-613
5.3