漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19
Vulnerability Description
Authentication.logout() helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the user attempted to log out.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
不充分的会话过期机制
Vulnerability Title
Vaadin flow 代码问题漏洞
Vulnerability Description
Vaadin flow是一个应用软件。Vaadin平台的Java框架,用于构建外观美观,性能良好并让您和您的用户感到满意的现代网站。 vaadin:flow-client 存在代码问题漏洞,该漏洞允许本地攻击者在用户尝试注销后访问Fusion端点。
CVSS Information
N/A
Vulnerability Type
N/A