Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Talkyard - Insufficient Session Expiration
Vulnerability Description
In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34, are vulnerable to Insufficient Session Expiration. This may allow an attacker to reuse the admin’s still-valid session token even when logged-out, to gain admin privileges, given the attacker is able to obtain that token (via other, hypothetical attacks)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
不充分的会话过期机制
Vulnerability Title
Talkyard 代码问题漏洞
Vulnerability Description
Talkyard是开源的一个结构化的讨论平台,汇集了 StackOverflow、Slack、Discourse、Reddit/HackerNews 和 Disqus 博客评论的主要功能。 Talkyard 存在安全漏洞,该漏洞源于在Talkyard中存在会话过期不足。攻击者可利用该漏洞在注销时重用管理员仍然有效的会话令牌,以获得管理员特权。
CVSS Information
N/A
Vulnerability Type
N/A