User sessions are not properly terminated

High

cbellone published GHSA-8p6m-mm22-q893

Feb 16, 2024

Package

alfio/alf.io (Docker)

Affected versions

< 2.0-M4-2402

Patched versions

2.0-M4-2402

Description

Users can access the admin area even after being invalidated/deleted

Severity

High

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

Low

User interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

High

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H