Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers who gain access to an active but supposedly logged-out session can perform unauthorized actions on behalf of the user.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
不充分的会话过期机制
Vulnerability Title
caddy-security 安全漏洞
Vulnerability Description
caddy-security是Caddy的安全应用程序和插件。 caddy-security存在安全漏洞,该漏洞源于不正确的用户会话失效,容易受到会话过期不足的影响。
CVSS Information
N/A
Vulnerability Type
N/A