• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-384

CVE-2021-22237

February 23, 2023 by

Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This vulnerability is present in GitLab CE/EE versions before 13.12.9, 14.0.7, 14.1.2

CVE-2021-21671

February 23, 2023 by

Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login.

CVE-2021-20324

February 23, 2023 by

A flaw was found in WildFly Elytron. A variation to the use of a session fixation exploit when using Undertow was found despite Undertow switching the session ID after authentication.

CVE-2021-20151

February 23, 2023 by

Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device. The router’s management software manages web sessions based on IP address rather than verifying client cookies/session tokens/etc. This allows an attacker (whether from a different computer, different web browser on the same machine, etc.) to take over an existing session. This does require the attacker to be able to spoof or take over original IP address of the original user’s session.

CVE-2022-44788

February 23, 2023 by godfreyd94

An issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user logs in providing a JSESSIONID cookie that is issued by the server at the first visit, the cookie value is not updated after a successful login.

CVE-2022-44007

February 23, 2023 by godfreyd94

An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 23
  • Go to page 24
  • Go to page 25
  • Go to page 26
  • Go to page 27
  • Interim pages omitted …
  • Go to page 31
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE