Severity: 7.1
CWE: 613

CVE-2019-5647: Rapid7 AppSpider Chrome Plugin Insufficient Session Expiration

First published: Wed Jan 22 2020

The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser sessions active after recording a macro, even after a restart of the Chrome browser. This behavior could make future session hijacking attempts easier, since the user could believe a session was closed when it was not. This issue affects Rapid7 AppSpider version 3.8.213 and prior versions, and is fixed in version 3.8.215.

Credit: cve@rapid7.com

Affected Software | Affected Version | How to fix
Rapid7 AppSpider | <=3.8.213 |


Frequently Asked Questions

  • What is CVE-2019-5647?

    CVE-2019-5647 is a vulnerability in the Chrome Plugin for Rapid7 AppSpider that can keep browser sessions active after recording a macro, making session hijacking easier.

  • How does CVE-2019-5647 impact users?

    CVE-2019-5647 could make future session hijacking attempts easier, since users may believe a session is closed when it is not.

  • Which version of Rapid7 AppSpider is affected by CVE-2019-5647?

    Rapid7 AppSpider version 3.8.213 and prior versions are affected by CVE-2019-5647.

  • What is the severity level of CVE-2019-5647?

    CVE-2019-5647 has a severity level of 7.1 (high).

  • How can I fix CVE-2019-5647?

    To fix CVE-2019-5647, update Rapid7 AppSpider to version 3.8.215 or later.
