Lucene search
SnykCVELIST:CVE-2022-25896HistoryJul 01, 2022 - 12:00 a.m.
CVE-2022-25896 Session Fixation
2022-07-0100:00:00
snyk
www.cve.org
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
5.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
31.0%
This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed.
CNA Affected
[
{
"product": "passport",
"vendor": "n/a",
"versions": [
{
"lessThan": "0.6.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
redhatcve
redhatcve
CVE-2022-25896
2022-07-28 11:09:39
github
github
Passport vulnerable to session regeneration when a users logs in or out
2022-07-02 00:00:19
veracode
veracode
Session Fixation
2022-07-04 04:26:26
cve
cve
CVE-2022-25896
2022-07-01 20:15:07
ubuntucve
ubuntucve
CVE-2022-25896
2022-07-01 00:00:00
prion
prion
Code injection
2022-07-01 20:15:00
osv
osv
CVE-2022-25896
2022-07-01 20:15:07
Passport vulnerable to session regeneration when a users logs in or out
2022-07-02 00:00:19
debiancve
debiancve
CVE-2022-25896
2022-07-01 20:15:07
nvd
nvd
CVE-2022-25896
2022-07-01 20:15:07
ibm
ibm
redhat
redhat
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
5.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
31.0%
Related for CVELIST:CVE-2022-25896