{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-55603","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2024-12-09T14:22:52.524Z","datePublished":"2024-12-18T23:52:57.327Z","dateUpdated":"2024-12-20T20:12:10.648Z"},"containers":{"cna":{"title":"Insufficient session invalidation in Kanboard","problemTypes":[{"descriptions":[{"cweId":"CWE-613","lang":"en","description":"CWE-613: Insufficient Session Expiration","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","version":"3.1"}}],"references":[{"name":"https://github.com/kanboard/kanboard/security/advisories/GHSA-gv5c-8pxr-p484","tags":["x_refsource_CONFIRM"],"url":"https://github.com/kanboard/kanboard/security/advisories/GHSA-gv5c-8pxr-p484"},{"name":"https://github.com/kanboard/kanboard/commit/7ce61c34d962ca8b5dce776289ddf4b207be6e78","tags":["x_refsource_MISC"],"url":"https://github.com/kanboard/kanboard/commit/7ce61c34d962ca8b5dce776289ddf4b207be6e78"},{"name":"https://github.com/kanboard/kanboard/blob/main/app/Core/Session/SessionHandler.php#L40","tags":["x_refsource_MISC"],"url":"https://github.com/kanboard/kanboard/blob/main/app/Core/Session/SessionHandler.php#L40"},{"name":"https://www.php.net/manual/en/function.session-start.php","tags":["x_refsource_MISC"],"url":"https://www.php.net/manual/en/function.session-start.php"},{"name":"https://www.php.net/manual/en/session.configuration.php#ini.session.gc-divisor","tags":["x_refsource_MISC"],"url":"https://www.php.net/manual/en/session.configuration.php#ini.session.gc-divisor"},{"name":"https://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime","t
ags":["x_refsource_MISC"],"url":"https://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime"},{"name":"https://www.php.net/manual/en/session.configuration.php#ini.session.gc-probability","tags":["x_refsource_MISC"],"url":"https://www.php.net/manual/en/session.configuration.php#ini.session.gc-probability"},{"name":"https://www.php.net/manual/en/sessionhandlerinterface.gc.php","tags":["x_refsource_MISC"],"url":"https://www.php.net/manual/en/sessionhandlerinterface.gc.php"}],"affected":[{"vendor":"kanboard","product":"kanboard","versions":[{"version":"< 1.2.43","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2024-12-18T23:52:57.327Z"},"descriptions":[{"lang":"en","value":"Kanboard is project management software that focuses on the Kanban methodology. In affected versions, sessions remain usable even after their lifetime has been exceeded. Kanboard implements a custom session handler (`app/Core/Session/SessionHandler.php`) to store session data in a database. Therefore, when a `session_id` is given, Kanboard queries the data from the `sessions` SQL table. At this point it does not verify whether the given `session_id` has already exceeded its lifetime (`expires_at`).\nThus, a session whose `expires_at` is already in the past (`expires_at < time()`) is still read from the database and hence still accepted as a valid login. The implemented **SessionHandlerInterface::gc** function, which does remove expired sessions, is called only **with a certain probability**: according to the PHP documentation, it _cleans up expired sessions and is called by `session_start()`, based on the `session.gc_divisor`, `session.gc_probability` and `session.gc_maxlifetime` settings_. In the official Kanboard Docker image these values default to session.gc_probability=1 and session.gc_divisor=1000. Thus, an expired session is only terminated with probability 1/1000 on each `session_start()`. 
This issue has been addressed in release 1.2.43 and all users are advised to upgrade. There are no known workarounds for this vulnerability."}],"source":{"advisory":"GHSA-gv5c-8pxr-p484","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-12-20T20:10:11.562584Z","id":"CVE-2024-55603","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-12-20T20:12:10.648Z"}}]}}
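The failure mode the record describes, as an added example that is not Kanboard's own `SessionHandler.php` and not the patched code from the referenced commit: a minimal `SessionHandlerInterface` implementation backed by a `sessions` table. The vulnerable variant of `read()` selects by session id alone, so a row whose `expires_at` has passed is still returned and the login it carries is still honoured, with cleanup left to `gc()` and its 1/1000 trigger probability. The hardened variant makes the expiry check part of every read. The table name `sessions` and the column `expires_at` come from the advisory; the columns `id` and `data`, the in-memory SQLite store (assumes the `pdo_sqlite` extension) and PHP 8.1+ are assumptions of this example.

```php
<?php
// Added illustration of CVE-2024-55603, not Kanboard's code. Assumptions: PHP 8.1+,
// pdo_sqlite available, table columns id/data/expires_at (only `sessions` and
// `expires_at` are named by the advisory).
declare(strict_types=1);

final class DbSessionHandler implements SessionHandlerInterface
{
    public function __construct(
        private PDO $db,
        private int $lifetime,
        private bool $checkExpiry,   // false = vulnerable read(), true = hardened read()
    ) {}

    public function open(string $path, string $name): bool { return true; }
    public function close(): bool { return true; }

    public function read(string $id): string|false
    {
        // Vulnerable variant: the row is looked up by id only, so an expired
        // session stays valid until gc() happens to run (probability
        // session.gc_probability / session.gc_divisor per session_start()).
        $sql = 'SELECT data FROM sessions WHERE id = :id';
        if ($this->checkExpiry) {
            // Hardened variant: enforce the lifetime on every read instead of
            // relying on probabilistic garbage collection.
            $sql .= ' AND expires_at > :now';
        }
        $stmt = $this->db->prepare($sql);
        $stmt->bindValue(':id', $id);
        if ($this->checkExpiry) {
            $stmt->bindValue(':now', time(), PDO::PARAM_INT);
        }
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        // An unknown or expired id yields an empty session, i.e. "not logged in".
        return $row === false ? '' : $row['data'];
    }

    public function write(string $id, string $data): bool
    {
        $stmt = $this->db->prepare(
            'REPLACE INTO sessions (id, data, expires_at) VALUES (:id, :data, :exp)'
        );
        return $stmt->execute([
            ':id' => $id, ':data' => $data, ':exp' => time() + $this->lifetime,
        ]);
    }

    public function destroy(string $id): bool
    {
        return $this->db->prepare('DELETE FROM sessions WHERE id = :id')
                        ->execute([':id' => $id]);
    }

    public function gc(int $max_lifetime): int|false
    {
        // This is the only place the vulnerable variant ever drops stale rows.
        $stmt = $this->db->prepare('DELETE FROM sessions WHERE expires_at < :now');
        $stmt->execute([':now' => time()]);
        return $stmt->rowCount();
    }
}

// Constructed scenario: an in-memory table holding one session that belongs to
// user 42 and expired an hour ago.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sessions (id TEXT PRIMARY KEY, data TEXT NOT NULL, expires_at INTEGER NOT NULL)');
$db->prepare('INSERT INTO sessions (id, data, expires_at) VALUES (:id, :data, :exp)')
   ->execute([':id' => 'stale-session', ':data' => 'user|i:42;', ':exp' => time() - 3600]);

$vulnerable = new DbSessionHandler($db, 3600, checkExpiry: false);
$hardened   = new DbSessionHandler($db, 3600, checkExpiry: true);

// The vulnerable handler hands back the stored login for the expired id; the
// hardened handler treats the same id as no session at all.
var_dump($vulnerable->read('stale-session'));
var_dump($hardened->read('stale-session'));

// In an application the handler would be installed before session_start():
// session_set_save_handler($hardened, true);
```

The point of the hardened `read()` is that expiry becomes a property of the lookup rather than of cleanup: even if `gc()` never fires, a presented cookie for an expired row yields an empty session. Tuning `session.gc_probability` and `session.gc_divisor` only shortens the window on average; it does not close it for any individual request.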