OSV:GHSA-4M5P-5W5W-3JCF
Oct 12, 2022 - 8:13 p.m.

com.enonic.xp:lib-auth vulnerable to Session Fixation

Google
osv.dev

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.5 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 46.5%)

Impact

All id-providers that use the lib-auth login method are affected.

Patches

https://github.com/enonic/xp/commit/0189975691e9e6407a9fee87006f730e84f734ff
https://github.com/enonic/xp/commit/2abac31cec8679074debc4f1fb69c25930e40842
https://github.com/enonic/xp/commit/1f44674eb9ab3fbab7103e8d08067846e88bace4

Workarounds

Don’t use lib-auth for login.
The Java API uses low-level structures and allows the previous session to be invalidated before auth-info is added.

References

https://github.com/enonic/xp/issues/9253
