PT-2022-17592 · Passport

Jaredhanson · Published 2022-07-01 · Updated 2022-07-13 · CVE-2022-25896

CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: passport versions prior to 0.6.0

Description: The issue affects the passport package, causing the session to be regenerated instead of being closed when a user logs in or logs out.

Recommendations: For versions prior to 0.6.0, update to version 0.6.0 or later to resolve the issue.

Fix

Session Fixation

Weakness Enumeration

Related Identifiers

CVE-2022-25896
GHSA-V923-W3X8-WH69
SNYK-JS-PASSPORT-2840631

Affected Products

Debian
Passport