{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T03:07:19.790","vulnerabilities":[{"cve":{"id":"CVE-2023-42446","sourceIdentifier":"security-advisories@github.com","published":"2023-09-18T22:15:47.247","lastModified":"2024-11-21T08:22:32.813","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Pow is a authentication and user management solution for Phoenix and Plug-based apps. Starting in version 1.0.14 and prior to version 1.0.34, use of `Pow.Store.Backend.MnesiaCache` is susceptible to session hijacking as expired keys are not being invalidated correctly on startup. A session may expire when all `Pow.Store.Backend.MnesiaCache` instances have been shut down for a period that is longer than a session's remaining TTL. Version 1.0.34 contains a patch for this issue. As a workaround, expired keys, including all expired sessions, can be manually invalidated."},{"lang":"es","value":"Pow es una solución de autenticación y gestión de usuarios para aplicaciones basadas en Phoenix y Plug. A partir de la versión 1.0.14 y anteriores a la versión 1.0.34, el uso de `Pow.Store.Backend.MnesiaCache` es susceptible de secuestro de sesión ya que las claves caducadas no se invalidan correctamente al inicio. Una sesión puede caducar cuando todas las instancias de `Pow.Store.Backend.MnesiaCache` se han cerrado durante un período superior al TTL restante de una sesión. La versión 1.0.34 contiene un parche para este problema. Como workaround, las claves caducadas, incluidas todas las sesiones caducadas, se pueden invalidar manualmente."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-298"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-672"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:powauth:pow:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.14","versionEndExcluding":"1.0.34","matchCriteriaId":"0C454727-43EF-432A-BBE4-528F776FB9BA"}]}]}],"references":[{"url":"https://github.com/pow-auth/pow/issues/713","source":"security-advisories@github.com","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/pow-auth/pow/security/advisories/GHSA-3cjh-p6pw-jhv9","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/pow-auth/pow/issues/713","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/pow-auth/pow/security/advisories/GHSA-3cjh-p6pw-jhv9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}