Lucene search
Veracode Vulnerability DatabaseVERACODE:43753HistoryOct 11, 2023 - 7:39 a.m.
Session Fixation
2023-10-1107:39:03
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
session fixation
uptime-kuma
server.js
authentication middleware
vulnerability
access maintenance
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
5.1%
uptime-kuma is vulnerable to Session Fixation. The vulnerability is caused by a lack of session token invalidation in the server.js authentication middleware. This allows attackers with a token to maintain access even after the user’s password changed.
Related
vulnrichment
vulnrichment
CVE-2023-44400 Uptime Kuma has Persistentent User Sessions
2023-10-09 15:15:07
cve
cve
CVE-2023-44400
2023-10-09 16:15:10
CVE-2023-49804
2023-12-11 23:15:07
cvelist
cvelist
CVE-2023-44400 Uptime Kuma has Persistentent User Sessions
2023-10-09 15:15:07
CVE-2023-49804 Uptime Kuma Password Change Vulnerability
2023-12-11 22:32:32
prion
prion
Session fixation
2023-10-09 16:15:00
Input validation
2023-12-11 23:15:00
nvd
nvd
CVE-2023-44400
2023-10-09 16:15:10
CVE-2023-49804
2023-12-11 23:15:07
github
github
Uptime Kuma has Persistentent User Sessions
2023-10-10 21:29:23
osv
osv
Password Change Vulnerability
2023-12-12 00:59:30
CVE-2023-49804
2023-12-11 23:15:07
CVE-2023-44400
2023-10-09 16:15:10
veracode
veracode
Session Fixation
2023-12-12 06:03:15
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
5.1%
Related for VERACODE:43753