CWE-613

Insufficient Session Expiration

Parent: CWE-672 - Operation on a Resource after Expiration or Release

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

531 vulnerabilities with CWE-613
CVE-2024-45386 HIGH
SIMATIC PCS neo, SIMOCODE ES, SIRIUS Safety ES, SIRIUS Soft Starter...
CVSS 8.8
CVE-2024-13280 CRITICAL
Drupal Persistent Login <2.2.2 - Info Disclosure
CVSS 9.8
CVE-2024-45033 HIGH
Apache Airflow Fab Provider <1.5.2 - Info Disclosure
CVSS 8.1
CVE-2024-11627 MEDIUM
Progress Sitefinity 4.0-15.2.8421 Session Fixation via Insufficient Session Expiration
CVSS 6.8
CVE-2024-56413 MEDIUM
Acronis Cyber Protect <16 - Info Disclosure
CVSS 6.1
CVE-2024-56351 MEDIUM
JetBrains TeamCity < 2024.12 - Insufficient Session Expiration
CVSS 6.3
CVE-2024-55603 MEDIUM
Kanboard < 1.2.43 - Insufficient Session Expiration in SessionHandler
CVSS 6.5
CVE-2024-12667 LOW
InvoicePlane < 1.6.1 - Insufficient Session Expiration in /invoices/view
CVSS 3.7
CVE-2024-11668 MEDIUM
GitLab CE/EE <17.4.5-17.6.1 - Auth Bypass
CVSS 4.2
CVE-2024-35160 MEDIUM
IBM Watson Query and Db2 Big SQL on Cloud Pak for Data - Insufficient Session Expiration
CVSS 4.3
CVE-2024-11208 LOW
Apereo CAS 6.6 - Insufficient Session Expiration via Login Service Endpoint
CVSS 3.7
CVE-2024-52553 HIGH
Jenkins OpenId Connect Authentication Plugin < 4.421.v5422614eb_e0a - Insufficient Session Expiration
CVSS 8.8
CVE-2024-46892 MEDIUM
SINEC INS < V1.0 SP2 Update 3 - Insufficient Session Expiration
CVSS 4.9
CVE-2024-52311 MEDIUM
data.all 1.0.0-2.6.0 - Insufficient Session Expiration via Cognito Authentication Tokens
CVSS 6.3
CVE-2024-48926 MEDIUM
Umbraco CMS 8.0-8.18.14, 10.0-10.8.6, 13.0.0-13.5.1 - Insufficient Session Expiration
CVSS 4.2
CVE-2024-45462 MEDIUM
Apache CloudStack <4.18.2.3 & <4.19.1.1 - Info Disclosure
CVSS 6.3
CVE-2024-48827 HIGH
sbondCo Watcharr 1.43.0 - Remote Code Execution and Privilege Escalation via Change Password Function
CVSS 8.8
CVE-2024-46040 MEDIUM
IoT Haat Smart Plug IH-IN-16A-S v5.16.1 - Info Disclosure
CVSS 6.5
CVE-2024-43685 CRITICAL
Microchip TimeProvider 4100 Firmware 1.0-2.4.6 - Session Hijacking via Insufficient Session Expiration
CVSS 9.8
CVE-2024-23586 MEDIUM
HCL Nomad < 1.0.13 - Unauthenticated Insufficient Session Expiration
CVSS 5.3
CVE-2024-8888 CRITICAL
CIRCUTOR Q-SMT Firmware 1.0.4 - Insufficient Session Expiration
CVSS 10.0
CVE-2024-38315 MEDIUM
IBM Aspera Shares <1.11 - Privilege Escalation
CVSS 6.3
CVE-2024-32006 MEDIUM
SINEMA Remote Connect Client <V3.2 SP2 - Auth Bypass
CVSS 4.3
CVE-2024-45187 HIGH
Mage AI - Unauthenticated Remote Code Execution via Deleted User Privilege Escalation
CVSS 7.1
CVE-2024-7998 LOW
Octopus Server 2022.4.8332-2024.1.12931 - Insufficient Session Expiration in OIDC Cookies
CVSS 2.6