2 matches found
CVE-2019-12203
SilverStripe 4.3.3 (and earlier) is affected by a session-fixation issue in the Change Password form. Multiple sources (NVD entry CVE-2019-12203, Red Hat advisory, Veracode, OSV, GHSA, and CVE lists) describe that the application does not regenerate the session ID in this flow, enabling a potenti...
CVE-2019-12203: Session fixation in "change password" form
More info at https://www.silverstripe.org/download/security-releases/cve-2019-12203/...