Security Advisory

CVE-2021-25940

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-11-16 09:25:09

Last updated 2025-04-30 15:45:47

Assigner Mend

State PUBLISHED

Description

In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration. When a user’s password is changed by the administrator, the session isn’t invalidated, allowing a malicious user to still be logged in and perform arbitrary actions within the system.

← Browse all CVEs View on cve.org ↗