Lucene search

K
osvGoogleOSV:CVE-2020-35591
HistoryFeb 18, 2021 - 8:15 p.m.

CVE-2020-35591

2021-02-1820:15:12
Google
osv.dev
6
pi-hole
session fixation
vulnerability
software
cve-2020-35591

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

44.6%

Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker access to the user’s account through the active session.

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

44.6%

Related for OSV:CVE-2020-35591