Home > Vulnerability Database > CVE-2023-45659

Mend.io Vulnerability Database

CVE-2023-45659

Date: October 16, 2023

Engelsystem is a shift planning system for chaos events. If a users' password is compromised and an attacker gained access to a users' account, i.e., logged in and obtained a session, an attackers' session is not terminated if the users' account password is reset. This vulnerability has been fixed in the commit "dbb089315ff3d". Users are advised to update their installations. There are no known workarounds for this vulnerability.

Language: PHP

Severity Score

3.6

Related Resources (4)

Url: https://github.com/engelsystem/engelsystem/security/advisories/GHSA-f6mm-3v2h-jm6x

Url: https://github.com/engelsystem/engelsystem/commit/dbb089315ff3d8aabc11445e78fb50765208b27d

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-45659

Url: https://www.mend.io/vulnerability-database/CVE-2023-45659

Severity Score

3.6

Weakness Type (CWE)

Insufficient Session Expiration

CWE-613

CVSS v3.1

Base Score:	3.6
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-45659

Date: October 16, 2023

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?