Vulnerability Title
N/A
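Vulnerability Description
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. The App Suite frontend offers a feature to control whether a user wants to store cookies that exceed the session duration. This feature is useful when logging in from clients with reduced privileges or from shared environments. However, when the login was performed using a non-interactive login method, the setting was incorrectly recognized and cookies were stored regardless of this setting. If the middleware configuration enforced the setting, or the user went through the interactive login page, the workflow was correct. Cookies with authentication information may become available to other users on shared environments. If the user did not properly log out of the session, third parties with access to the same client can access the user's account.
CVSS Information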
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Vulnerability Category
N/A
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. App Suite frontend offers to control whether a user wants to store cookies that exceed the session duration. This functionality is useful when logging in from clients with reduced privileges or shared environments. However the setting was incorrectly recognized and cookies were stored regardless of this setting when the login was performed using a non-interactive login method. In case the setting was enforced by middleware configuration or the user went through the interactive login page, the workflow was correct. Cookies with authentication information may become available to other users on shared environments. In case the user did not properly log out from the session, third parties with access to the same client can access a user's account.
CVSS Information
N/A
Vulnerability Category
N/A
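Vulnerability Title
Open-Xchange OX App Suite Information Disclosure Vulnerability
Vulnerability Description
Open-Xchange OX App Suite is a web-based cloud desktop environment from Open-Xchange, a US company. It allows users to manage email, tasks, files and more in a more intuitive way. A security vulnerability exists in Open-Xchange OX App Suite versions before 7.8.1-rev10. An attacker can exploit this vulnerability to access user accounts.
CVSS Information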
N/A
Vulnerability Category
Information Disclosure