Kimai Session Handler Vulnerability Allows Information Disclosure
CVE-2024-4596

3.7LOW

Key Information:

Vendor

Kimai

Status
Kimai
Vendor
CVE Published:
7 May 2024

What is CVE-2024-4596?

A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.16.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-263318 is the identifier assigned to this vulnerability.

Affected Version(s)

Kimai 2.0

Kimai 2.1

Kimai 2.2

References

https://vuldb.com/?id.263318
vdb-entrytechnical-description
https://vuldb.com/?ctiid.263318
signaturepermissions-required
https://vuldb.com/?submit.328639
third-party-advisory

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

DeepCove (VulDB User)
.