CVE-2021-34428 @ Maven-org.eclipse.jetty:jetty-server-9.4.36.v20210114 #257
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Vulnerable Package issue exists @ Maven-org.eclipse.jetty:jetty-server-9.4.36.v20210114 in branch main
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in.
Namespace: CxDemoInABoxRepos
Repository: Java-Webgoat
Repository Url: https://github.com/CxDemoInABoxRepos/Java-Webgoat
CxAST-Project: CxDemoInABoxRepos/Java-Webgoat
CxAST platform scan: 54f047f8-7049-4205-83b9-9e21c75dc4c9
Branch: main
Application: Java-Webgoat
Severity: LOW
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-613
Additional Info
Attack vector: PHYSICAL
Attack complexity: LOW
Confidentiality impact: LOW
Availability impact: NONE
Remediation Upgrade Recommendation: 9.4.43.v20210629
References
Advisory
Issue
Pull request
Commit
The text was updated successfully, but these errors were encountered: