Lucene search

Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-28F7C6F30B45EEBEFF13E5F0745F948D

HistoryJan 09, 2023 - 12:00 a.m.

Duplicate of ./go/github.com/KubeOperator/KubePi/CVE-2023-22479.yml

2023-01-0900:00:00

https://gitlab.com/gitlab-org/security-products/gemnasium-db

gitlab.com

session fixation

kubepi v1.6.3

web application handling

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

30.6%

JSON

Summary

A session fixation attack allows an attacker to hijack a legitimate user session. The attack investigates a flaw in how the online application handles the session ID, especially the susceptible web application.

Affected Version

<= v1.6.3

For more information

If you have any questions or comments about this advisory, please open an issue.

This vulnerability is reported by sachinh09 from huntr.dev.

Affected configurations

Vulners

Node

gokubepiRange<0

CPENameOperatorVersion
go/github.com/kubeoperator/kubepilt0

CPE	Name	Operator	Version
	go/github.com/kubeoperator/kubepi	lt	0

References

github.com/advisories/GHSA-v4w5-r2xc-7f8h

github.com/KubeOperator/KubePi/security/advisories/GHSA-v4w5-r2xc-7f8h

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

30.6%

JSON

Related for GITLAB-28F7C6F30B45EEBEFF13E5F0745F948D