PT-2021-11810 · Pi-Hole · Pi-Hole

Published: 2021-02-18 · Updated: 2021-02-26 · CVE-2020-35591

CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Pi-hole versions 5.0 through 5.1.1
Description: The issue allows session fixation: the application does not issue a new session cookie when a user logs in. An attacker can therefore plant a session cookie value of their choosing in a victim's session before the victim authenticates. Once the victim logs in, the planted value becomes an authenticated session, and the attacker gains access to the user's account through that active session.
Recommendations: For Pi-hole versions 5.0 through 5.1.1, consider disabling the login functionality until a patch is available to prevent session fixation attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
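To make the defect concrete, the following is an added illustrative example (not Pi-hole's code, which is a PHP web interface): a constructed in-memory session store with a login handler that keeps the pre-authentication session id beside one that rotates it, plus a regression check a defender can run to confirm that an attacker-known id never becomes authenticated.

```python
import secrets


class SessionStore:
    """Minimal in-memory session store, constructed for this example."""

    def __init__(self):
        self.sessions = {}  # session id -> session data

    def get_or_create(self, cookie_sid):
        # Like a server that trusts any id presented in the cookie, adopt
        # unknown ids instead of rejecting them. This is what lets an
        # attacker-chosen value become a live (still unauthenticated) session.
        if cookie_sid not in self.sessions:
            self.sessions[cookie_sid] = {"user": None}
        return cookie_sid

    def regenerate(self, old_sid):
        # Move the session data to a fresh, unguessable id and drop the old one,
        # so whoever knew the pre-auth id is left with a dead session.
        data = self.sessions.pop(old_sid)
        new_sid = secrets.token_hex(16)
        self.sessions[new_sid] = data
        return new_sid


def login_vulnerable(store, cookie_sid, user):
    """Authenticates the session but keeps the id the client arrived with."""
    sid = store.get_or_create(cookie_sid)
    store.sessions[sid]["user"] = user
    return sid


def login_fixed(store, cookie_sid, user):
    """Rotates the session id at the privilege boundary (login)."""
    sid = store.get_or_create(cookie_sid)
    sid = store.regenerate(sid)
    store.sessions[sid]["user"] = user
    return sid


def whoami(store, sid):
    return store.sessions.get(sid, {}).get("user")


def check_rotates_on_login(login):
    """Regression check: a pre-auth id known before login must not be
    authenticated after login. Returns True when the handler is safe."""
    store = SessionStore()
    preauth = "attacker-known-id"  # constructed: the value planted before login
    victim_sid = login(store, preauth, "admin")
    return victim_sid != preauth and whoami(store, preauth) is None
```

In PHP, the rotation step corresponds to calling `session_regenerate_id(true)` immediately after a successful login; rejecting session ids the server never issued is a complementary hardening.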

Exploit

Session Fixation


Related Identifiers

CVE-2020-35591

Affected Products

Pi-Hole