CVE Vulnerability


CWE-384

CVE-2022-2997

February 23, 2023 by godfreyd94

Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.

CVE-2022-27305

February 23, 2023 by godfreyd94

Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation.

CVE-2022-25896

February 23, 2023 by godfreyd94

This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed.

CVE-2022-24895

February 23, 2023 by godfreyd94

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users, Symfony by default regenerates the session ID upon login but preserves the rest of the session attributes. Because this does not clear CSRF tokens upon login, it might enable same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to session fixation. This issue has been fixed in the 4.4 branch.

CVE-2022-24781

February 23, 2023 by godfreyd94

Geon is a board game based on solving questions about the Pythagorean Theorem. Malicious users can obtain the uuid from other users, spoof that uuid through the browser console and become co-owners of the target session. This issue is patched in version 1.1.0. No known workaround exists.

CVE-2022-24745

February 23, 2023 by godfreyd94

Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected by this issue. This issue has been resolved in version 6.4.8.2. Users unable to upgrade should disable the HTTP Cache.


Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE