PT-2023-18531 · Kubepi · Kubepi

Sachinh09

Publicado

2023-01-09

Atualizado

2024-08-20

CVE-2023-22479

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions KubePi versions 1.6.3 and below

Description A session fixation attack allows an attacker to hijack a legitimate user session. This issue is related to a flaw in how the online application handles the session ID, particularly in susceptible web applications.

Recommendations For versions 1.6.3 and below, upgrade to version 1.6.4 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application until the update can be applied.

Exploit

Correção

Session Fixation

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-384

Identificadores relacionados

CVE-2023-22479

GHSA-V4W5-R2XC-7F8H

GO-2023-1468

Produtos afetados

Kubepi

PT-2023-18531 · Kubepi · Kubepi

CVE-2023-22479

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11