CVE-2026-30224

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry (default ≈ 1 year). An attacker with a previously stolen or captured session cookie can continue authenticating after logout, resulting in a post-logout authentication bypass. This is a session management flaw that violates expected logout semantics. This issue has been patched in version 3000.11.1.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/OliveTin/OliveTin/commit/d6a0abc3755d43107be1939567c52953bcbec3d5	Patch
https://github.com/OliveTin/OliveTin/releases/tag/3000.11.1	Product Release Notes
https://github.com/OliveTin/OliveTin/security/advisories/GHSA-gq2m-77hf-vwgh	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:olivetin:olivetin:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-06 21:16

Updated : 2026-03-12 15:57

NVD link : CVE-2026-30224

Mitre link : CVE-2026-30224

CVE.ORG link : CVE-2026-30224

JSON object : View

Products Affected

olivetin

olivetin

CWE

CWE-384

Session Fixation

CWE-613

Insufficient Session Expiration

{"id": "CVE-2026-30224", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2026-03-06T21:16:16.280", "references": [{"url": "https://github.com/OliveTin/OliveTin/commit/d6a0abc3755d43107be1939567c52953bcbec3d5", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/OliveTin/OliveTin/releases/tag/3000.11.1", "tags": ["Product", "Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/OliveTin/OliveTin/security/advisories/GHSA-gq2m-77hf-vwgh", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-384"}, {"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry (default \u2248 1 year). An attacker with a previously stolen or captured session cookie can continue authenticating after logout, resulting in a post-logout authentication bypass. This is a session management flaw that violates expected logout semantics. This issue has been patched in version 3000.11.1."}, {"lang": "es", "value": "OliveTin da acceso a comandos shell predefinidos desde una interfaz web. Antes de la versi\u00f3n 3000.11.1, OliveTin no revoca las sesiones del lado del servidor cuando un usuario cierra sesi\u00f3n. Aunque la cookie del navegador se borra, la sesi\u00f3n correspondiente permanece v\u00e1lida en el almacenamiento del servidor hasta su caducidad (por defecto ? 1 a\u00f1o). Un atacante con una cookie de sesi\u00f3n previamente robada o capturada puede continuar autentic\u00e1ndose despu\u00e9s de cerrar sesi\u00f3n, lo que resulta en una omisi\u00f3n de autenticaci\u00f3n posterior al cierre de sesi\u00f3n. Esto es una falla de gesti\u00f3n de sesiones que viola la sem\u00e1ntica esperada del cierre de sesi\u00f3n. Este problema ha sido parcheado en la versi\u00f3n 3000.11.1."}], "lastModified": "2026-03-12T15:57:33.710", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:olivetin:olivetin:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36F31F34-F899-413C-9A07-C14E32C66807", "versionEndExcluding": "3000.11.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}