PT-2022-15820 · Go+2 · Github.Com/Heroiclabs/Nakama+2

Published

2022-07-05

·

Updated

2022-07-14

·

CVE-2022-2306

CVSS v3.1

8.2

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned.
Description The issue allows old session tokens to be used for authentication to the application, enabling the sending of authenticated requests.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Insufficient Session Expiration

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-613

Related Identifiers

CVE-2022-2306
GHSA-XV59-GC3R-RF92

Affected Products

Github.Com/Heroiclabs/Nakama
Heroiclabs/Nakama
Nakama