GitHub Advisory DatabaseGHSA-V4W5-R2XC-7F8HKubePi session fixation attack allows an attacker to hijack a legitimate user session.
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
30.6%
Summary
A session fixation attack allows an attacker to hijack a legitimate user session. The attack investigates a flaw in how the online application handles the session ID, especially the susceptible web application.
Affected Version
<= v1.6.3
Patches
The vulnerability has been fixed in v1.6.4.
https://github.com/KubeOperator/KubePi/commit/1e9c550356c1a425a742480efcf743d373e98dcb : A session fixation attack allows an attacker to hijack a legitimate user session.
Workarounds
It is recommended to upgrade the version to v1.6.4.
For more information
If you have any questions or comments about this advisory, please open an issue.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/kubeoperator/kubepi | le | 1.6.3 |
References
github.com/1Panel-dev/KubePi/security/advisories/GHSA-v4w5-r2xc-7f8h
github.com/advisories/GHSA-v4w5-r2xc-7f8h
github.com/KubeOperator/KubePi/commit/1e9c550356c1a425a742480efcf743d373e98dcb
github.com/KubeOperator/KubePi/releases/tag/v1.6.4
github.com/KubeOperator/KubePi/security/advisories/GHSA-v4w5-r2xc-7f8h
nvd.nist.gov/vuln/detail/CVE-2023-22479
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
30.6%