CVE-2023-38489

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Jul 27, 2023
Updated: Aug 3, 2023
CWE ID 613

Summary

CVE-2023-38489 is a vulnerability affecting Kirby, a content management system. This issue, present in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6, poses a risk for sites with user accounts. The flaw is related to insufficient session expiration, enabling attackers to maintain unauthorized access even after a user changes their password. Kirby failed to invalidate user sessions with old passwords, leaving affected sites vulnerable. The vulnerability can be exploited when users share devices or browsers with potentially untrusted individuals or when attackers use previously stolen passwords. The latest releases, Kirby 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6, include a patch to address this issue by keeping track of the hashed password in each active session. Upon updating, all users are logged out to enforce the fix.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2023-38489 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions