Bug 2365151 (CVE-2025-46336)

Summary: CVE-2025-46336 rack: Rack::Session Session Persistence Vulnerability
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: akostadi, amasferr, anthomas, cbartlet, dmayorov, ehelms, ggainey, jcantril, jlledo, juwatts, mhulan, mkudlej, mmakovy, nmoumoul, osousa, pcreech, periklis, rchan, rojacob, smallamp, tjochec
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: ---
Doc Text:
A flaw was found in Rack::Session. This vulnerability allows an attacker to maintain unauthorized access to a user's session by triggering a long-running request after the user logs out.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2365204, 2365205, 2365207, 2365208, 2365209
Bug Blocks:

Description OSIDB Bzimport 2025-05-08 20:01:14 UTC
Rack::Session is a session management implementation for Rack. In versions from 2.0.0 before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a long-running request (within that same session) adjacent to the user logging out, in order to retain illicit access even after the user has attempted to log out. This issue has been patched in version 2.1.1.
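The interleaving behind this flaw is a write-after-delete: an in-flight request loads the session, the logout request deletes it, and then the slow request's commit stores its stale copy back into the pool. The following constructed model is added here to make that visible and to show one mitigation (refusing late writes to a deleted session id); it is not rack-session's own code and not the upstream 2.1.1 fix, and the class and method names are assumptions for illustration.

```ruby
require 'securerandom'
require 'set'

# Minimal in-memory session pool (constructed model, not rack-session's code).
class NaivePool
  def initialize
    @pool = {}
  end

  def generate_sid
    SecureRandom.hex(16)
  end

  # Each request works on its own copy of the session hash, as middleware does.
  def find_session(sid)
    @pool[sid]&.dup
  end

  # Stores unconditionally: a commit from a request that started before logout
  # puts the deleted session straight back into the pool.
  def write_session(sid, data)
    @pool[sid] = data
    sid
  end

  def delete_session(sid)
    @pool.delete(sid)
    nil
  end
end

# Hardened variant: remembers deleted ids and refuses late writes to them, so a
# logged-out session cannot be resurrected by a request that outlived the logout.
class GuardedPool < NaivePool
  def initialize
    super
    @deleted = Set.new
  end

  def write_session(sid, data)
    return nil if @deleted.include?(sid)
    super
  end

  def delete_session(sid)
    @deleted << sid
    super
  end
end

# Replays the sequence from the advisory against a store and reports whether the
# session is still retrievable afterwards (true means the flaw is present).
def session_survives_logout?(store)
  sid = store.generate_sid
  store.write_session(sid, { 'user_id' => 42 }) # constructed logged-in session
  stale = store.find_session(sid)                # slow request reads session at start
  store.delete_session(sid)                      # logout completes while it runs
  store.write_session(sid, stale)                # slow request finishes and commits
  !store.find_session(sid).nil?
end
```

The deleted-id set in the guarded model grows without bound; a production store would expire those entries, and since logins should regenerate the session id anyway, refusing writes to old ids does not block a legitimate re-login.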