5 matches found
Session Fixation
silverstripe/hybridsessions is vulnerable to session fixation. The vulnerability exists because the destroy function of DatabaseStore.php does not properly reset the user session after logging out, allowing an attacker to gain privileges via the client-side cookie...
Hybridsessions does not expire session id on logout
When the hybridsessions module is used without the session-manager module installed and session IDs are saved to disk, unexpired SessionIDs of logged out users can still be used to make authenticated requests...
GHSA-C7Q8-M4XW-C674 Hybridsessions does not expire session id on logout
When the hybridsessions module is used without the session-manager module installed and session IDs are saved to disk, unexpired SessionIDs of logged out users can still be used to make authenticated requests...
PT-2022-16701 · Silverstripe · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: Silverstripe silverstripe/framework versions 4.10 and earlier Description: The issue allows session fixation, where unexpired SessionIDs of logged out users can still be used to make authenticated requests when the hybridsessions module is us...
CVE-2022-24444: Hybridsessions does not expire session id on logout
More info at https://www.silverstripe.org/download/security-releases/cve-2022-24444...