Vulnerability Description
DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do not expire and remain active. Such flaws frequently give attackers unauthorized access to some system data or functionality.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Domainmod | Domainmod | 4.15.0 |
Related Weaknesses (CWE)
References
- https://gist.github.com/anku-agar/0fec2ffd98308e550ce9b5d4b395d0d7 (Exploit, Third Party Advisory)
FAQ
What is CVE-2020-35358?
CVE-2020-35358 is a vulnerability with a CVSS score of 9.8 (CRITICAL). DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do not expire and remain active.
How severe is CVE-2020-35358?
CVE-2020-35358 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-35358?
Check the references section above for vendor advisories and patch information. Affected products include: Domainmod Domainmod.