CVE-2020-11728
on gitlab
Published
Severity
CVSS v3:
7.5 HIGH
CVSS v2:
5 MEDIUM
Description
An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time (and the incrementing session_id) can impersonate a session.
References
Configurations
| CPE23 | Version Start | Version End | Exact Version |
|---|---|---|---|
| cpe:2.3:a:davical:andrew\'s_web_libraries:*:*:*:*:*:*:*:* | n/a | 0.60 (including) | * |
| cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* | n/a | n/a | 8.0 |
| cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | n/a | n/a | 9.0 |
| cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | n/a | n/a | 10.0 |