CVE-2024-23558 MEDIUM

CVE-2024-23558: HCL DevOps Deploy / HCL Launch does not invalidate all session authentication cookies after logout

Vendor HCL Software
Product DevOps Deploy / Launch
Published April 15, 2024
Last update November 1, 2024

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

HCL DevOps Deploy / HCL Launch does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system.

Key dates

02 Disclosure timeline

April 15, 2024 CVE published
November 1, 2024 Record updated