{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-49091", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-11-21T18:57:30.429Z", "datePublished": "2023-11-29T19:16:37.723Z", "dateUpdated": "2025-01-21T20:18:17.369Z"}, "containers": {"cna": {"title": "Jwttoken in Cosmos server never expires after password changed and logging out", "problemTypes": [{"descriptions": [{"cweId": "CWE-613", "lang": "en", "description": "CWE-613: Insufficient Session Expiration", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x"}, {"name": "https://github.com/azukaar/Cosmos-Server/commit/7a3fdfb467bd4d1f8333e3e1f3c3f5fca0b69cd7", "tags": ["x_refsource_MISC"], "url": "https://github.com/azukaar/Cosmos-Server/commit/7a3fdfb467bd4d1f8333e3e1f3c3f5fca0b69cd7"}], "affected": [{"vendor": "azukaar", "product": "Cosmos-Server", "versions": [{"version": "< 0.13.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-01-21T20:18:17.369Z"}, "descriptions": [{"lang": "en", "value": "Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. Cosmos-server is vulnerable due to to the authorization header used for user login remaining valid and not expiring after log out. This vulnerability allows an attacker to use the token to gain unauthorized access to the application/system even after the user has logged out. This issue has been patched in version 0.13.1."}], "source": {"advisory": "GHSA-hpvm-x7m8-3c6x", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:46:28.806Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2023-11-30T17:02:56.950333Z", "id": "CVE-2023-49091", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-27T15:56:18.479Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x", "name": "https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:46:28.806Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-49091", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2023-11-30T17:02:56.950333Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-27T15:56:14.288Z"}}], "cna": {"title": "Jwttoken in Cosmos server never expires after password changed and logging out", "source": {"advisory": "GHSA-hpvm-x7m8-3c6x", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "azukaar", "product": "Cosmos-Server", "versions": [{"status": "affected", "version": "< 0.13.1"}]}], "references": [{"url": "https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x", "name": "https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/azukaar/Cosmos-Server/commit/7a3fdfb467bd4d1f8333e3e1f3c3f5fca0b69cd7", "name": "https://github.com/azukaar/Cosmos-Server/commit/7a3fdfb467bd4d1f8333e3e1f3c3f5fca0b69cd7", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. Cosmos-server is vulnerable due to to the authorization header used for user login remaining valid and not expiring after log out. This vulnerability allows an attacker to use the token to gain unauthorized access to the application/system even after the user has logged out. This issue has been patched in version 0.13.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-613", "description": "CWE-613: Insufficient Session Expiration"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-01-21T20:18:17.369Z"}}}, "cveMetadata": {"cveId": "CVE-2023-49091", "state": "PUBLISHED", "dateUpdated": "2025-01-21T20:18:17.369Z", "dateReserved": "2023-11-21T18:57:30.429Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-11-29T19:16:37.723Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "D0F9DD63-E895-471D-A103-89DC8CE4487F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "245BC303-196B-427E-9206-23FF97C1D028", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "AC80B4CA-DCF5-406B-8CBC-7D8B10C07D75", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "FFA40431-2EA9-4814-97BD-9B98FD12565A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.3.0:-:*:*:*:*:*:*", "matchCriteriaId": "48F9560F-E849-40BF-87E4-3EE76E2307B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "20001A99-A282-4201-9B35-2642AFBBEDF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "3FBF8D50-7369-4D65-B75A-A79B8313B5EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "E4DDF3EC-9AB2-4D07-AEF7-3B6F86CFEE33", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "11F11DBC-37C2-4C5C-A42B-FA79A79A522C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "F95649EE-5546-4C63-A325-7D1E7A8F1199", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.4.0:-:*:*:*:*:*:*", "matchCriteriaId": "704FEFD9-1E74-4381-A632-C0CE0C39A1B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "72A4403B-0395-4D94-81BE-D0B7A7208A91", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "DBB50B8C-0B6A-4B35-866B-289E09D45EBE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "9FEDF35D-62E1-4F55-8176-582BC12DCDEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.0:-:*:*:*:*:*:*", "matchCriteriaId": "59DA9642-F316-47B6-BEF4-B40A3A87B3B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "0BF3BB20-23D2-47EF-AEC3-624C00B3E279", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6C0489A-C381-4EAC-B2A9-BF2B52F7AB9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "7682B327-5A0A-4AA8-AA6C-135938853D73", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D82733E-1C1E-43ED-BB52-C4F4355BAA2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF6CA450-B6F6-4194-ABCC-6D1B70A0BD7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "90DCCFD5-AA8C-4044-BF7C-9BE2CFA36D6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.7:-:*:*:*:*:*:*", "matchCriteriaId": "0E302BF1-076C-4EF1-B578-9BEACBDB8563", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "D5DB6050-C175-4AB5-B3CC-924D02B5C70E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "EDB59393-C90C-4913-9A7A-CAD64014C5DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.5.12:*:*:*:*:*:*:*", "matchCriteriaId": "F1C4A549-39AA-4221-8104-53317A7B57ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.6.0:-:*:*:*:*:*:*", "matchCriteriaId": "007BA5D8-DD27-4C7D-8AEE-92E420444648", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "4E02C3A4-771F-4D2E-9246-ABA061F14BA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "9147CCB4-99BA-46C9-B4C1-9BFC78961063", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "CD0C8166-6388-47ED-9D63-28928973FB5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.6.4:-:*:*:*:*:*:*", "matchCriteriaId": "6EB22B0B-EC99-411D-B7C1-C5DAB6A96107", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.0:-:*:*:*:*:*:*", "matchCriteriaId": "46D88BBD-968E-416D-9ED9-5087CC378D01", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "33E78715-9E76-4E8C-8F27-E2ECD2C6969F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "DB71C771-A2C0-4D6A-83DE-17A0031276CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "8864B3A3-81D4-476C-9D43-763E6C501C01", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "362FDFC1-2F71-4B1D-AD5D-BEAB04150FC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A243056D-2F2D-4A84-B02C-F21384D2CBBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "D95B7F37-69F9-47BD-81EE-01F85AA08265", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "70AE035A-FEEB-4DCF-843B-273E1596777E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "60D429D5-8241-4431-8CDA-7B25D9F971F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "20CB8797-381A-42DB-A268-600865E514FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "6EA361BE-1F6B-4F44-A5E8-8C1E08999BDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.0:-:*:*:*:*:*:*", "matchCriteriaId": "A08386B6-3863-4861-A811-36269648290B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "514D19FA-EFC1-493A-82F8-E1643B6E37D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "A6547760-893A-4316-9B26-34FADD4BF455", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "5665A44D-8EE6-4BD3-BEC0-1316C0409CA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "92D61C74-73FD-4F74-B817-6FA5B1903E84", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "2B8ED8F3-344C-4AAE-843C-75FFF052F8D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "E8EF95DE-656C-41F1-B169-20DED5234965", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "30B30A3D-941F-4604-9703-D96E2689B431", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "BE7A76DF-1758-4B6F-B9B8-1D617D79A6D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "286CF897-8C22-4BF6-B816-1E7B400FBC4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "7402E48F-188B-469E-AFF4-F5F5E8D4D305", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "E6029988-F826-45FE-8303-98DFB69ADD18", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.0:-:*:*:*:*:*:*", "matchCriteriaId": "56E2EFC3-9B64-4656-803C-3484981A57B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "71DB2F36-103D-4A5C-A0D8-22E0B20E8BDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "32EB3543-3E12-4CD6-B8E1-091C2BC06B4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "D06967B6-E215-422B-BC4B-8E63C56FB958", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "F9267FEE-CE5B-4ADB-9CD6-55698C2E6D11", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "E8CD0C5F-4EB0-477D-A672-BFCD56734C70", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "7960B3D0-01B0-480B-9B12-B4D5ACEBC526", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "29536415-FEBA-470B-BBF0-B76D1148585C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "10E5D948-87FF-4789-B294-817294B85FD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "35D87312-7595-4E02-B33D-190A99E2F34B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "ED4790DA-50A7-4E87-8780-79DE2818936D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.11:*:*:*:*:*:*:*", "matchCriteriaId": "B4FB9A84-A927-406C-AEE3-E6884F91B488", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.12:*:*:*:*:*:*:*", "matchCriteriaId": "C1B8B916-894A-4555-B85E-971543039C5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "C0A6A70E-9992-4042-B3EF-F82CCE17F1E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.14:*:*:*:*:*:*:*", "matchCriteriaId": "7F66ED38-32AC-4E7A-8506-625A53428E61", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.15:*:*:*:*:*:*:*", "matchCriteriaId": "C0E702BA-98F3-402A-B4B4-EDB862455922", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.16:*:*:*:*:*:*:*", "matchCriteriaId": "C9E95C76-F625-4C35-B4F6-C9C0625FD151", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.17:*:*:*:*:*:*:*", "matchCriteriaId": "CDB8E645-65C2-47D8-9FA6-78E5AFDB91EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.18:*:*:*:*:*:*:*", "matchCriteriaId": "A5286DEA-ECE0-4E40-96FE-11144B317EDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.19:-:*:*:*:*:*:*", "matchCriteriaId": "F663B778-D1F3-4551-9812-61BF45A77279", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.20:*:*:*:*:*:*:*", "matchCriteriaId": "FB0335D9-8789-48B5-A0FE-40A30993F535", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.9.21:*:*:*:*:*:*:*", "matchCriteriaId": "65390F75-4D2A-4A3A-97BC-16C2A7F08BDE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.10.0:-:*:*:*:*:*:*", "matchCriteriaId": "88616AE6-0E5E-48CC-827D-CBC09BB4D352", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.10.1:-:*:*:*:*:*:*", "matchCriteriaId": "0543F1CA-D9A6-478E-B9B3-804C6A8DB2C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "9639CAE7-FE63-4286-BE8C-E82E734F1B78", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "9958CCA3-7B3C-4CB5-9188-32C73C08735F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.10.4:-:*:*:*:*:*:*", "matchCriteriaId": "14F79A15-D8C0-4041-AB5C-7B640011391A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.11.0:-:*:*:*:*:*:*", "matchCriteriaId": "07DE8CDF-8D02-4744-806C-BFC18333ECE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6F247DF-C078-4CCA-9352-54F36DC5A4BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "43350B4E-7D95-4963-ABF4-237E9E63A841", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "6F4E655A-4175-4953-AD19-F1F9BE1ABF62", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.0:-:*:*:*:*:*:*", "matchCriteriaId": "8E8CD9C8-8F1E-428D-B7D4-BC822553F92D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "67696CA2-739B-40A3-9DD5-95A7BFA1448F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "70B8832F-7202-45C8-A7B2-30D3F2D57D41", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "5C81041A-1D6C-413A-8886-6F1308CA0E37", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "5678EC30-3F90-4911-B5E8-E01751BE13F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "87AB67FA-11E4-4807-B62F-2AD3BA31AC45", "vulnerable": true}, {"criteria": "cpe:2.3:a:cosmos-cloud:cosmos_server:0.12.6:-:*:*:*:*:*:*", "matchCriteriaId": "DF30F289-0826-45C9-BDE4-6B78299E6536", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. Cosmos-server is vulnerable due to to the authorization header used for user login remaining valid and not expiring after log out. This vulnerability allows an attacker to use the token to gain unauthorized access to the application/system even after the user has logged out. This issue has been patched in version 0.13.1."}, {"lang": "es", "value": "Cosmos ofrece a los usuarios la posibilidad de autohospedar un servidor dom\u00e9stico actuando como una puerta de enlace segura a su aplicaci\u00f3n, as\u00ed como un administrador de servidor. Cosmos-server es vulnerable debido a que el encabezado de autorizaci\u00f3n utilizado para el inicio de sesi\u00f3n del usuario sigue siendo v\u00e1lido y no caduca despu\u00e9s del cierre de sesi\u00f3n. Esta vulnerabilidad permite a un atacante utilizar el token para obtener acceso no autorizado a la aplicaci\u00f3n/sistema incluso despu\u00e9s de que el usuario haya cerrado sesi\u00f3n. Este problema se solucion\u00f3 en la versi\u00f3n 0.13.0."}], "id": "CVE-2023-49091", "lastModified": "2025-04-11T14:17:55.343", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-29T20:15:08.390", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/azukaar/Cosmos-Server/commit/7a3fdfb467bd4d1f8333e3e1f3c3f5fca0b69cd7"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/azukaar/Cosmos-Server/security/advisories/GHSA-hpvm-x7m8-3c6x"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-613"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-613"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}