CVE-2024-21492

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Feb 17, 2024
Updated: Feb 20, 2024
CWE ID 613

Summary

CVE-2024-21492 is a vulnerability that affects all versions of the package github.com/greenpau/caddy-security. The vulnerability is related to Insufficient Session Expiration, which occurs due to improper user session invalidation when clicking the "Sign Out" button. This means that user sessions remain valid even after logging out. Attackers who gain access to an active but supposedly logged-out session can perform unauthorized actions on behalf of the user. The risk score for this vulnerability is 25, with a base severity of MEDIUM. There is no change in scope and the exploitability score is 2.2. The danger lies in potential unauthorized access and actions that can be carried out by attackers, compromising the security and integrity of an organization's systems and data. Remediation steps should include updating to a version of the package that addresses this issue and ensuring proper session invalidation upon logout.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-21492 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options