Insufficient Session Expiration Affecting github.com/greenpau/caddy-security package, versions *
Snyk CVSS
Attack Complexity
High
Threat Intelligence
EPSS
0.05% (15th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-5920787
- published 16 Feb 2024
- disclosed 18 Sep 2023
- credit Maciej Domanski, Travis Peters, David Pokora
Introduced: 18 Sep 2023
CVE-2024-21492 Open this link in a new tabHow to fix?
There is no fixed version for github.com/greenpau/caddy-security
.
Overview
github.com/greenpau/caddy-security is a Security App and Plugin for Caddy v2.
Affected versions of this package are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after requests are sent to /logout
and /oauth2/google/logout
. Attackers who gain access to an active but supposedly logged-out session can perform unauthorized actions on behalf of the user.