Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OliveTin: Session Fixation - Logout Fails to Invalidate Server-Side Session
Vulnerability Description
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry (default ≈ 1 year). An attacker with a previously stolen or captured session cookie can continue authenticating after logout, resulting in a post-logout authentication bypass. This is a session management flaw that violates expected logout semantics. This issue has been patched in version 3000.11.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
会话固定
Vulnerability Title
OliveTin 代码问题漏洞
Vulnerability Description
OliveTin是OliveTin开源的一个Web应用。 OliveTin 3000.11.1之前版本存在代码问题漏洞,该漏洞源于用户注销时未撤销服务器端会话,可能导致攻击者使用先前窃取的会话cookie在注销后继续通过身份验证。
CVSS Information
N/A
Vulnerability Type
N/A