CVE-2021-25940

Insufficient Session Expiration in pypi/arangodb

Identifiers

CVE-2021-25940

Package Slug

pypi/arangodb

Vulnerability

Insufficient Session Expiration

Description

ArangoDB suffers from an Insufficient Session Expiration vulnerability. When an administrator changes a user's password, that user's existing session isn't invalidated, allowing a malicious user to remain logged in and perform arbitrary actions within the system.

Affected Versions

All versions starting from 3.7.6 up to 3.8.3

Solution

Unfortunately, there is no solution available yet.

Last Modified

2021-11-18
