Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrVautiaC09BF21B-50D2-49F0-8C92-49F6B3C358D8
HistoryAug 22, 2022 - 9:10 p.m.

Session Fixation

2022-08-2221:10:53
vautia
www.huntr.dev
15
session fixation
snipe-it
browser
password change
invalidation
bug bounty

EPSS

0.001

Percentile

40.5%

JSON

Description

The session is not invalidated after a password change.

Proof of Concept

Open Snipe-IT in the browser and login. Do the same in a private window such that there are two sessions. Change the password in one of the two sessions and observe that the second session is not invalidated.

Related

veracode 1
cvelist 1
nvd 1
prion 1
osv 2
github 1
cve 1
veracode
veracode
Session Fixation
2022-08-26 04:46:48
cvelist
cvelist
CVE-2022-2997 Session Fixation in snipe/snipe-it
2022-08-25 20:30:17
nvd
nvd
CVE-2022-2997
2022-08-25 21:15:08
prion
prion
Session fixation
2022-08-25 21:15:00
osv
osv
CVE-2022-2997
2022-08-25 21:15:08
Insufficient Session Expiration in snipe/snipe-it
2022-08-26 00:03:29
github
github
Insufficient Session Expiration in snipe/snipe-it
2022-08-26 00:03:29
cve
cve
CVE-2022-2997
2022-08-25 21:15:08

EPSS

0.001

Percentile

40.5%

JSON
Related for C09BF21B-50D2-49F0-8C92-49F6B3C358D8
veracode1cvelist1nvd1prion1osv2github1cve1