Vulnerability Information
Vulnerability Title
Misskey allows token to remain valid in cookie after signing out
Vulnerability Description
Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, a login token named `token` is stored in a cookie for authentication purposes in Bull Dashboard, but this remains undeleted even after logout is performed. The primary affected users will be users who have logged into Misskey using a public PC or someone else's device, but it's possible that users who have logged out of Misskey before lending their PC to someone else could also be affected. Version 2025.2.0-alpha.0 contains a fix for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
Insufficient Session Expiration
Vulnerability Title
Misskey code issue vulnerability
Vulnerability Description
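Misskey is a permanently free, open source, federated social media platform from Misskey. Misskey versions from 12.109.0 up to but not including 2025.2.0-alpha.0 contain a code issue vulnerability, which stems from the login token used for authentication not being deleted even after logout.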
CVSS Information
N/A
Vulnerability Type
N/A