CVE-2021-25940

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-25940

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-25940.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-25940

Aliases

BIT-arangodb-2021-25940

Published

2021-11-16T10:15:06.783Z

Modified

2026-02-23T08:25:24.343986Z

Severity

8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration. When a user’s password is changed by the administrator, the session isn’t invalidated, allowing a malicious user to still be logged in and perform arbitrary actions within the system.

References

Affected packages

Git / github.com/arangodb/arangodb

Affected ranges

Type: GIT
Repo: https://github.com/arangodb/arangodb
Events: Introduced

780ac0e1272d8fcebe2ed36c0e2cbaf336f0d207

Last affected

7a9a07d06a0d9750103c93eb3caa9eda8e782b72

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-25940.json"