Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:36809
HistoryAug 26, 2022 - 4:46 a.m.

Session Fixation

2022-08-2604:46:48
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
21
snipe-it
session fixation
passwordsave
profilecontroller.php
vulnerability

EPSS

0.001

Percentile

40.5%

JSON

snipe/snipe-it is vulnerable to session fixation. The vulnerability exists in passwordsave function in ProfileController.php due to not logging the user out of other devices when changing the password which allows the attacker to submit an old password session link to access the system.

Related

cvelist 1
nvd 1
prion 1
osv 2
github 1
huntr 1
cve 1
cvelist
cvelist
CVE-2022-2997 Session Fixation in snipe/snipe-it
2022-08-25 20:30:17
nvd
nvd
CVE-2022-2997
2022-08-25 21:15:08
prion
prion
Session fixation
2022-08-25 21:15:00
osv
osv
CVE-2022-2997
2022-08-25 21:15:08
Insufficient Session Expiration in snipe/snipe-it
2022-08-26 00:03:29
github
github
Insufficient Session Expiration in snipe/snipe-it
2022-08-26 00:03:29
huntr
huntr
Session Fixation
2022-08-22 21:10:53
cve
cve
CVE-2022-2997
2022-08-25 21:15:08

EPSS

0.001

Percentile

40.5%

JSON
Related for VERACODE:36809
cvelist1nvd1prion1osv2github1huntr1cve1