CVE-2024-29070
CVSS V2 None
CVSS V3 None
Description
In versions before 2.1.4, the session is not invalidated after logout. When a user logs in successfully, the backend service returns an "Authorization" value as the front-end authentication credential. That "Authorization" value can still be used to initiate requests and access data even after logout.
Mitigation:
All users should upgrade to 2.1.4.
Overview
- CVE ID: CVE-2024-29070
- Assigner: apache
- Vulnerability Status: PUBLISHED
- Published Version: 2024-07-23T08:13:41.408Z
- Last Modified Date: 2024-07-23T14:47:17.230Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://lists.apache.org/thread/zslblrz1l0n9t67mqdv42yv75ncfn9zl | vendor-advisory |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-29070 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29070 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-07-24 13:03:56 | | | | Added to TrackCVE |