Session fixation

2014-05-0814:29:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.7%

JSON

Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie.

CPENameOperatorVersion
foremaneq1.2.2
foremaneq1.2.1
foremaneq1.2.0 rc1
foremaneq1.2.3
foremaneq1.2.0
foremanle1.4.1
foremaneq1.0
foremaneq1.4.0
foremaneq1.2.0 rc2
foremaneq1.1

Name	Operator	Version
foreman	eq	1.2.2
foreman	eq	1.2.1
foreman	eq	1.2.0 rc1
foreman	eq	1.2.3
foreman	eq	1.2.0
foreman	le	1.4.1
foreman	eq	1.0
foreman	eq	1.4.0
foreman	eq	1.2.0 rc2
foreman	eq	1.1

References

projects.theforeman.org/issues/4457

theforeman.org/security.html

bugzilla.redhat.com/show_bug.cgi?id=1072151