CNNVD-202506-2078 Information
CNNVD ID
CNNVD-202506-2078
Related CVE
- CNNVD Published: 2025-06-17
Description (Chinese)
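Ash Authentication Phoenix is an open-source library from Alembic that uses AshAuthentication to provide drop-in authentication support for Phoenix applications. Ash Authentication Phoenix 2.10.0 and earlier versions contain a security vulnerability caused by insufficient session expiration, which may lead to session hijacking.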
Description (English)
Ash Authentication Phoenix is an open-source project from Alembic that uses AshAuthentication to provide drop-in authentication support for Phoenix applications. Ash Authentication Phoenix 2.10.0 and earlier versions have a security vulnerability that stems from insufficient session expiration and may lead to session hijacking.
Hazard Level
High
Vulnerability Type
Code issue
Affected Vendor
Alembic
Published
2025-06-17
Last Modified
2026-02-24
References
https://github.com/team-alembic/ash_authentication_phoenix/pull/634
https://github.com/team-alembic/ash_authentication_phoenix/security/advisories/GHSA-f7gq-h8jv-h3cq
https://access.redhat.com/security/cve/cve-2025-4754
https://nvd.nist.gov/vuln/detail/CVE-2025-4754
Patch
https://github.com/team-alembic/ash_authentication_phoenix/security/advisories/GHSA-f7gq-h8jv-h3cq