PT-2026-6199 · Unknown · Open Eclass

Stolichnayer

·

Publicado

2026-02-03

·

Atualizado

2026-02-10

·

CVE-2026-24667

CVSS v3.1

5.0

Média

VetorAV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions Open eClass versions prior to 4.2
Description The Open eClass platform, previously known as GUnet eClass, is a course management system. A flaw exists where active user sessions are not invalidated after a password change. This allows existing session tokens to remain valid, potentially granting unauthorized continued access to user accounts.
Recommendations Update to version 4.2 or later.

Exploit

Correção

Insufficient Session Expiration

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-613

Identificadores relacionados

CVE-2026-24667
GHSA-5H73-53MH-M224

Produtos afetados

Open Eclass