CNNVD-202512-3779 Information

CNNVD ID

CNNVD-202512-3779

Related CVE

CVE-2023-53957

• CNNVD Published: 2025-12-19

Description (Chinese)

kimai是kimai个人开发者的一个基于网络的多用户时间跟踪应用程序。 kimai 1.30.10版本存在安全漏洞，该漏洞源于SameSite cookie实现不当，可能导致会话劫持。

Description (English)

kimai is a web-based multi-user time tracking application for kimai personal developers. There is a security loophole in the version of kimai 1.30.10, which stems from the improper performance of SameSite cookie, which could lead to a session hijacking.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

kimai

Published

2025-12-19

Last Modified

2026-02-24

References

https://github.com/kimai/kimai/releases/tag/1.30.10 https://www.vulncheck.com/advisories/kimai-samesite-cookie-vulnerability-session-hijacking https://www.exploit-db.com/exploits/51278 https://access.redhat.com/security/cve/cve-2023-53957