Lucene search

GoogleOSV:CVE-2023-4649

HistoryAug 31, 2023 - 1:15 a.m.

CVE-2023-4649

2023-08-3101:15:09

Google

osv.dev

github

session fixation

instantsoft/icms2

software

cve-2023-4649

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

7.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1.

CPENameOperatorVersion
icms2eq2.6.1
icms2eq2.4.0
icms2eq2.14.1
icms2eq2.7.1
icms2eq2.7.0
icms2eq2.15.0
icms2eq2.7.2
icms2eq2.9.0
icms2eq2.6.0
icms2eq2.14.2

Name	Operator	Version
icms2	eq	2.6.1
icms2	eq	2.4.0
icms2	eq	2.14.1
icms2	eq	2.7.1
icms2	eq	2.7.0
icms2	eq	2.15.0
icms2	eq	2.7.2
icms2	eq	2.9.0
icms2	eq	2.6.0
icms2	eq	2.14.2

Rows per page:

1-10 of 291

References

github.com/instantsoft/icms2/commit/ca5f150da11d9caae86638885137afe35bcc3592

huntr.dev/bounties/069bb1f3-0805-480d-a6e1-b3345cdc60f3

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

7.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

Related for OSV:CVE-2023-4649