PT-2025-45654 · Pypi · Ckan
Published
2025-10-29
·
Updated
2025-10-29
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N |
Impact
Session IDs could be fixed by an attacker if the site is configured with server-side session storage (CKAN uses cookie-based session storage by default). The attacker would need to either set a cookie on the victim's browser or steal the victim's currently valid session. Session identifiers are now regenerated after each login.
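What regenerating the identifier at login changes, shown as an added example that is not CKAN's code: an in-memory dict stands in for server-side session storage, and `SessionStore`, `login` and `fixation_outcome` are hypothetical names chosen for illustration.

```python
import secrets


class SessionStore:
    """Constructed in-memory stand-in for server-side session storage."""

    def __init__(self):
        self._data = {}

    def new_session(self):
        sid = secrets.token_urlsafe(32)
        self._data[sid] = {}
        return sid

    def get(self, sid):
        return self._data.get(sid)

    def regenerate(self, old_sid):
        # Move the session data to a fresh id and invalidate the old one.
        data = self._data.pop(old_sid, {})
        new_sid = secrets.token_urlsafe(32)
        self._data[new_sid] = data
        return new_sid


def login(store, sid, user, regenerate_id):
    """Authenticate `user`; return the id the browser holds afterwards."""
    if store.get(sid) is None:
        sid = store.new_session()
    if regenerate_id:
        sid = store.regenerate(sid)
    store.get(sid)["user"] = user
    return sid


def fixation_outcome(regenerate_id):
    """Return the user reachable through the pre-login id after login."""
    store = SessionStore()
    pre_login_sid = store.new_session()  # id known to a third party before login
    login(store, pre_login_sid, "alice", regenerate_id)
    stale = store.get(pre_login_sid)
    return stale.get("user") if stale else None


if __name__ == "__main__":
    print("id kept across login   ->", fixation_outcome(False))
    print("id regenerated at login ->", fixation_outcome(True))
```

With regeneration the pre-login identifier no longer resolves to any session, so a fixed or previously captured id carries no authenticated state.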
Patches
This vulnerability has been fixed in CKAN 2.10.9 and 2.11.4.
References
[https://en.wikipedia.org/wiki/Session_fixation](https://en.wikipedia.org/wiki/Session_fixation)
Fix
Session Fixation
Weakness Enumeration
Related Identifiers
Affected Products
Ckan