10 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-25896
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed. CVE-2022-25896 Note that...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to session hijacking due to Node.js passport module ( CVE-2022-25896 )
Summary Node.js passport module is used by IBM Cloud Pak for Data as part of the platform. CVE-2022-25896. Vulnerability Details CVEID:CVE-2022-25896 DESCRIPTION: Node.js passport module could allow a remote attacker to hijack a user's session, caused by a session fixation vulnerability. An...
Security Bulletin: Node.js passport is vulnerable to CVE-2022-25896 used in IBM Maximo Application Suite
Summary There is one vulnerability in passport-0.4.1.tgz used by IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-25896 DESCRIPTION: Node.js passport module could allow a remote attacker to hijack a user's session, caused by a session fixation vulnerability. An attacker could...
Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.2 security update and bug fixes
Red Hat Advanced Cluster Management for Kubernetes 2.6.2 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...
CVE-2022-25896
A misleading session regeneration flaw was found in passport. When a user logs in or logs out, the session is regenerated instead of being closed. This flaw allows an attacker to use a previous session in particular environments. Mitigation Mitigation for this issue is either not available or the...
CVE-2022-25896
This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed...
CVE-2022-25896
CVE-2022-25896 affects the passport package prior to v0.6.0, where a user login/logout regenerates the session instead of closing it, enabling potential session hijacking of regenerated sessions. Public details confirm the vulnerable component (passport) and the fixed threshold (0.6.0+). The prov...
CVE-2022-25896 Session Fixation
This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed...
CVE-2022-25896
This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed...
1batch (=1.0.0), 30-lines-telegram-bot (>=1.0.0 <=1.0.1) +4707 more potentially affected by CVE-2022-25896 via passport (>=0.1.10 <=0.5.3)
passport NPM version =0.1.10, =1.0.0, =1.1.0, =4.11.0, =0.1.0, =0.0.1, =1.0.3, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =1.1.18 and more Source cves: CVE-2022-25896 Source advisory: SNYK:JS-PASSPORT-2840631...