First published: Wed Jan 22 2020
The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser sessions active after recording a macro, even after a restart of the Chrome browser. This behavior could make future session hijacking attempts easier, since the user could believe a session was closed when it was not. This issue affects Rapid7 AppSpider version 3.8.213 and prior versions, and is fixed in version 3.8.215.
Credit: cve@rapid7.com
Affected Software | Affected Version | How to fix |
---|---|---|
Rapid7 AppSpider | <=3.8.213 | |
CVE-2019-5647 is a vulnerability in the Chrome Plugin for Rapid7 AppSpider that can keep browser sessions active after recording a macro, making session hijacking easier.
CVE-2019-5647 can make future session hijacking attempts easier, since users may believe a session is closed when it is not.
Rapid7 AppSpider version 3.8.213 and prior versions are affected by CVE-2019-5647.
CVE-2019-5647 has a severity level of 7.1 (high).
To fix CVE-2019-5647, update Rapid7 AppSpider to version 3.8.215 or later.