Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ArangoDB - Insufficient Session Expiration after Password Change
Vulnerability Description
In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration. When a user’s password is changed by the administrator, the session isn’t invalidated, allowing a malicious user to still be logged in and perform arbitrary actions within the system.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
不充分的会话过期机制
Vulnerability Title
ArangoDB 代码问题漏洞
Vulnerability Description
ArangoDB是ArangoDB GmbH的一款NoSQL数据库系统 ArangoDB 3.7.6版本到3.8.3版本存在代码问题漏洞,该漏洞源于软件存在Session Expiration不足的问题。当管理员修改用户的密码时,会话不会失效,从而允许恶意用户仍然登录并在系统中执行任意操作。
CVSS Information
N/A
Vulnerability Type
N/A