Tendrl/api

Releases8

Frequency3 weeks 6 days

Last Release about 9 years ago

Stars16

Tendrl API

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2018-1127 ↗	Sep 11, 2018Tuesday, 11 September 2018, 15:29	—	6.8 MEDIUM
Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user.