Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. Rated low severity (CVSS 3.7). No vendor patch available.
Red Hat
Privilege Escalation
Conga
Enterprise Linux
NVD
VulDB
CVSS 2.0
3.7
EPSS
0.1%
Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the __ac session cookie, which allows attackers to gain privileges by accessing this cookie. Rated low severity (CVSS 3.7). No vendor patch available.
Red Hat
Authentication Bypass
Conga
Enterprise Linux
NVD
VulDB
CVSS 2.0
3.7
EPSS
0.1%