CVE-2023-49091

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 29, 2023

Updated: Dec 8, 2023

CWE ID 613

Summary

CVE-2023-49091 affects Cosmos, a software that acts as a secure gateway and server manager for self-hosted applications. The vulnerability lies in the authorization header used for user login, which fails to expire after logout. Consequently, an attacker can exploit this flaw to gain unauthorized access to the application or system using a valid token, even after the user has logged out. This security issue has been addressed in version 0.13.0 of Cosmos-server.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tgfOSK
https://www.cve.org/CVERecord?id=CVE-2023-49091
https://nvd.nist.gov/vuln/detail/CVE-2023-49091

Back to Vulnerability Database

CVE-2023-49091

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations