Lucene search
Veracode Vulnerability DatabaseVERACODE:46316HistoryApr 10, 2024 - 11:03 a.m.
Session Fixation
2024-04-1011:03:07
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
vulnerability session fixation personal data password lost compromised accounts access@responsebodysoftware
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
AI Score
7.1
Confidence
Low
EPSS
0
Percentile
9.0%
contao/core-bundle is vulnerable to Session Fixation. The vulnerability is due to a flaw in the personal data and password lost modules. allowing compromised accounts to retain access even after password changes.
Related
osv
osv
Contao: Remember-me tokens will not be cleared after a password change
2024-04-09 16:15:06
CVE-2024-30262
2024-04-09 17:16:02
nvd
nvd
CVE-2024-30262
2024-04-09 17:16:02
cvelist
cvelist
cve
cve
CVE-2024-30262
2024-04-09 17:16:02
contao
contao
Remember-me tokens are not cleared after a password change
2024-04-09 00:00:00
vulnrichment
vulnrichment
github
github
Contao: Remember-me tokens will not be cleared after a password change
2024-04-09 16:15:06
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
AI Score
7.1
Confidence
Low
EPSS
0
Percentile
9.0%
Related for VERACODE:46316