Open menghaining opened 6 months ago
Description
Suffering from CWE-613 (insufficient session expiration). When a user changes their password, the system does not require the user to re-login. The old session can be used to modify user information.
Affected version:
v1.3.1, also the version in the latest Docker version
updated on Nov 10, 2022
POC:
user login
user changes password
old session can be used to modify the user's information, and it succeeds.
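
One way to close the gap the report describes, as an added example that is not the project's own code: each session records a credential version, and a password change bumps it so every session issued earlier fails validation. `SessionStore`, its methods and the in-memory dictionaries are hypothetical stand-ins for the application's real user and session storage.

```python
import hashlib
import hmac
import secrets
import time


class SessionStore:
    """In-memory store (hypothetical stand-in for the app's user/session tables)."""

    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self._users = {}     # user -> {"salt", "pw_hash", "cred_version"}
        self._sessions = {}  # token -> {"user", "cred_version", "expires"}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, user, password):
        salt = secrets.token_bytes(16)
        self._users[user] = {"salt": salt, "pw_hash": self._hash(password, salt),
                             "cred_version": 0}

    def login(self, user, password):
        rec = self._users.get(user)
        if rec is None or not hmac.compare_digest(
                rec["pw_hash"], self._hash(password, rec["salt"])):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "cred_version": rec["cred_version"],
                                 "expires": time.time() + self.ttl}
        return token

    def validate(self, token):
        """Return the username for a live session, else None."""
        sess = self._sessions.get(token)
        if sess is None:
            return None
        rec = self._users[sess["user"]]
        # Reject sessions that expired or were issued under an older credential.
        if sess["expires"] < time.time() or sess["cred_version"] != rec["cred_version"]:
            self._sessions.pop(token, None)
            return None
        return sess["user"]

    def change_password(self, token, new_password):
        """Change the password; return a fresh token for the caller only."""
        user = self.validate(token)
        if user is None:
            return None
        rec = self._users[user]
        rec["salt"] = secrets.token_bytes(16)
        rec["pw_hash"] = self._hash(new_password, rec["salt"])
        rec["cred_version"] += 1  # every session issued before this point is now stale
        return self.login(user, new_password)
```

Replaying the three PoC steps against this store, the token from step 1 no longer validates after step 2, so the profile update in step 3 would be rejected.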