CVE-2019-5647
Rapid7 AppSpider Chrome Plugin Insufficient Session Expiration
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser sessions active after recording a macro, even after a restart of the Chrome browser. This behavior could make future session hijacking attempts easier, since the user could believe a session was closed when it was not. This issue affects Rapid7 AppSpider version 3.8.213 and prior versions, and is fixed in version 3.8.215.
El Plugin de Chrome para Rapid7 AppSpider puede mantener activas las sesiones del navegador incorrectamente después de grabar una macro, inclusive después de reiniciar el navegador Chrome. Este comportamiento podría facilitar los futuros intentos de secuestro de sesión, ya que el usuario podría creer que una sesión fue cerrada cuando no era así. Este problema afecta a Rapid7 AppSpider versión 3.8.213 y versiones anteriores, y es corregido en la versión 3.8.215.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-07 CVE Reserved
- 2020-01-22 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-613: Insufficient Session Expiration
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://help.rapid7.com/appspiderenterprise/release-notes/?rid=3.8.215 | 2020-01-30 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Rapid7 Search vendor "Rapid7" | Appspider Search vendor "Rapid7" for product "Appspider" | <= 3.8.213 Search vendor "Rapid7" for product "Appspider" and version " <= 3.8.213" | enterprise, chrome |
Affected
|