{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41617?format=json","vulnerability_id":"VCID-6xw2-ykvp-4qaw","summary":"Insufficient Session Expiration\nCamaleon CMS doesn’t terminate the active session of the users, even after the admin changes the user’s password. A user that was already logged in will still have access to the application even after the password was changed.","aliases":[{"alias":"CVE-2021-25970"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59334?format=json","purl":"pkg:gem/camaleon_cms@2.6.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/camaleon_cms@2.6.0.1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59341?format=json","purl":"pkg:gem/camaleon_cms@0.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6xw2-ykvp-4qaw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/camaleon_cms@0.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/59333?format=json","purl":"pkg:gem/camaleon_cms@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6xw2-ykvp-4qaw"},{"vulnerability":"VCID-9jsa-k6th-dubb"},{"vulnerability":"VCID-b2rx-y3hz-63dx"},{"vulnerability":"VCID-jwkf-ess3-9kgr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/camaleon_cms@2.6.0"}],"references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-25970","reference_id":"CVE-2021-25970","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-25970"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":613,"name":"Insufficient Session Expiration","description":"According to WASC, Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6xw2-ykvp-4qaw"}