Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Session is not expiring after password reset in Engelsystem
Vulnerability Description
Engelsystem is a shift planning system for chaos events. If a users' password is compromised and an attacker gained access to a users' account, i.e., logged in and obtained a session, an attackers' session is not terminated if the users' account password is reset. This vulnerability has been fixed in the commit `dbb089315ff3d`. Users are advised to update their installations. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
不充分的会话过期机制
Vulnerability Title
Engelsystem 代码问题漏洞
Vulnerability Description
Engelsystem是Engelsystem开源的一个轮班计划系统。 Engelsystem存在代码问题漏洞,该漏洞源于密码重置后,当前会话不会过期。
CVSS Information
N/A
Vulnerability Type
N/A