{"id":"CVE-2018-17107","details":"In Tgstation tgstation-server 3.2.4.0 through 3.2.1.0 (fixed in 3.2.5.0), active logins would be cached, allowing subsequent logins to succeed with any username or password.","aliases":["GHSA-42r6-p4px-qvv6"],"modified":"2026-04-10T04:09:42.869488Z","published":"2018-09-24T22:29:01.457Z","references":[{"type":"ADVISORY","url":"https://github.com/tgstation/tgstation-server/issues/690"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tgstation/tgstation-server","events":[{"introduced":"68a0c870af08dccafc30b13a16daf78720a901a0"},{"fixed":"1812a9c6793c8516c138a105ccfb2108164f0eff"}],"database_specific":{"versions":[{"introduced":"3.2.1.0"},{"fixed":"3.2.5.0"}]}}],"versions":["tgstation-server-v3.2.1.0","tgstation-server-v3.2.1.1","tgstation-server-v3.2.1.10","tgstation-server-v3.2.1.11","tgstation-server-v3.2.1.12","tgstation-server-v3.2.1.13","tgstation-server-v3.2.1.14","tgstation-server-v3.2.1.15","tgstation-server-v3.2.1.2","tgstation-server-v3.2.1.3","tgstation-server-v3.2.1.4","tgstation-server-v3.2.1.5","tgstation-server-v3.2.1.6","tgstation-server-v3.2.1.7","tgstation-server-v3.2.1.8","tgstation-server-v3.2.1.9","tgstation-server-v3.2.2.0","tgstation-server-v3.2.2.1","tgstation-server-v3.2.2.2","tgstation-server-v3.2.2.3","tgstation-server-v3.2.2.4","tgstation-server-v3.2.3.0","tgstation-server-v3.2.3.2","tgstation-server-v3.2.3.3","tgstation-server-v3.2.3.4","tgstation-server-v3.2.3.5","tgstation-server-v3.2.3.6","tgstation-server-v3.2.3.7","tgstation-server-v3.2.3.8","tgstation-server-v3.2.4.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-17107.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}