CVE-2023-0227Insufficient Session Expiration in Pyload

CWE-613Insufficient Session Expiration6 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 63.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Pyload PyloadPyloadPyload-ng Project Pyload-ng
Timeline
PublishedJan 12
Latest updateApr 14

Description

Insufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

NVDpyload/pyload< 2023-01-12
CVEListV5pyload/pyload_pyloadunspecified0.5.0b3.dev36
PyPIpyload-ng_project/pyload-ng< 0.5.0b3.dev36+1

Patches

Patch: github.comPatch: huntr.devPatch: github.com

🔴Vulnerability Details

4
GHSA
pyLoad has Stale Session Privilege After Role/Permission Change (Privilege Revocation Bypass)2026-04-14
CVEList
Insufficient Session Expiration in pyload/pyload2023-01-12
OSV
Pyload Insufficient Session Expiration vulnerability2023-01-12
GHSA
Pyload Insufficient Session Expiration vulnerability2023-01-12

📋Vendor Advisories

1
Oracle
Oracle Oracle Analytics Risk Matrix: Installation (Apache Axis) — CVE-2019-02272023-07-15
CVE-2023-0227 — Insufficient Session Expiration | cvebase