Vulnerability Description
In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34 are vulnerable to Insufficient Session Expiration. This may allow an attacker to reuse the admin's still-valid session token even after the admin has logged out, and so gain admin privileges, provided the attacker is able to obtain that token (via other, hypothetical attacks).
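The weakness class described above, as an added illustration that is not Talkyard's code and does not reproduce the linked commits: a self-contained signed token that the server cannot revoke (so a copy outlives logout) next to an opaque token backed by a server-side store whose entry is deleted on logout. `SECRET`, the user id and the clock values are constructed for the example.

```python
import hmac, hashlib, secrets

SECRET = secrets.token_bytes(32)  # constructed server key for this example only

# Vulnerable pattern (the class of bug in the advisory): a self-contained signed
# token. The server keeps no state, so "logout" can only discard the client's
# cookie; any copy of the token stays valid until its embedded expiry.
def stateless_issue(user_id: str, ttl: int, now: float) -> str:
    body = f"{user_id}:{int(now) + ttl}"
    sig = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}:{sig}"

def stateless_resolve(token: str, now: float):
    user_id, exp, sig = token.rsplit(":", 2)
    expected = hmac.new(SECRET, f"{user_id}:{exp}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected) or now >= int(exp):
        return None
    return user_id

def stateless_logout(token: str) -> None:
    pass  # nothing can be revoked server-side: this is the defect

# Hardened pattern: the token is an opaque key into a server-side store, and
# logout deletes the entry, so the same token is rejected right afterwards.
class SessionStore:
    def __init__(self, ttl: int):
        self.ttl = ttl
        self._sessions: dict[str, tuple[str, float]] = {}  # token -> (user, expiry)
    def issue(self, user_id: str, now: float) -> str:
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user_id, now + self.ttl)
        return token
    def resolve(self, token: str, now: float):
        entry = self._sessions.get(token)
        if entry is None or now >= entry[1]:
            self._sessions.pop(token, None)  # drop expired entries eagerly
            return None
        return entry[0]
    def logout(self, token: str) -> None:
        self._sessions.pop(token, None)

def demo():
    """Same flow twice: login, logout, then present the old token a minute later."""
    now = 1_700_000_000.0  # constructed clock value
    t1 = stateless_issue("admin", 3600, now)
    stateless_logout(t1)
    store = SessionStore(3600)
    t2 = store.issue("admin", now)
    store.logout(t2)
    return stateless_resolve(t1, now + 60), store.resolve(t2, now + 60)
```

`demo()` returns `("admin", None)`: the signed token is still accepted after logout, the store-backed one is not.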
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Talkyard | Talkyard | >= 0.2021.20, < 0.2021.35 |
Related Weaknesses (CWE)
References
- https://github.com/debiki/talkyard/commit/b0310df019887f3464895529c773bc7d85ddcf (Patch, Third Party Advisory)
- https://github.com/debiki/talkyard/commit/b0712915d8a22a20b09a129924e8a29c25ae57 (Patch, Third Party Advisory)
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25981 (Patch, Third Party Advisory, VDB Entry)
FAQ
What is CVE-2021-25981?
CVE-2021-25981 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34 are vulnerable to Insufficient Session Expiration. This may allow an attacker to reuse the admin's still-valid session token even after the admin has logged out, and so gain admin privileges, provided the attacker is able to obtain that token (via other, hypothetical attacks).
How severe is CVE-2021-25981?
CVE-2021-25981 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-25981?
Check the references section above for vendor advisories and patch information. Affected products include: Talkyard (vendor: Talkyard).