CVE-2021-25970

Camaleon CMS 0.1.7 to 2.6.0 doesnt terminate the active session of the users, even after the admin changes the users password. A user that was already logged in, will still have access to the application even after the password was changed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MendCNA
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
tuzitiocamaleon_cms
0.1.7 ≤
𝑥
≤ 2.6.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/owen2345/camaleon-cms/commit/77e31bc6cdde7c951fba104aebcd5ebb3f02b030
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25970
https://github.com/owen2345/camaleon-cms/commit/77e31bc6cdde7c951fba104aebcd5ebb3f02b030
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25970