Insufficient Session Expiration Affecting librenms/librenms package, versions <22.10.0
Threat Intelligence
EPSS: 0.21% (60th percentile)
- Snyk ID SNYK-PHP-LIBRENMSLIBRENMS-3136287
- published 20 Nov 2022
- disclosed 20 Nov 2022
- credit Unknown
Introduced: 20 Nov 2022
CVE-2022-4070
How to fix?
Upgrade librenms/librenms to version 22.10.0 or higher.
Overview
librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support.
Affected versions of this package are vulnerable to Insufficient Session Expiration, which allows disabled users to be logged in via cookie.