CVE-2022-25896

MEDIUM Year: 2022
CVSS v3 Score
4.8
Medium
CVSS v2 Score
5.8
Medium
Weakness Type
CWE-384
View all →

Vulnerability Description

This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed.

Related Vulnerabilities

CVE-2019-18946

MEDIUM
CVSS:4.8(Medium)

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation.

CWE-3842019

CVE-2020-4291

MEDIUM
CVSS:4.7(Medium)

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI....

CWE-3842020

CVE-2021-22237

MEDIUM
CVSS:4.9(Medium)

Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This vulnerability is present in GitLab CE/EE versions befor...

CWE-3842021

CVE-2016-6040

MEDIUM
CVSS:5.0(Medium)

IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced.

CWE-3842016

CVE-2017-10890

MEDIUM
CVSS:4.6(Medium)

Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware version...

CWE-3842017

CVE-2022-2997

MEDIUM
CVSS:4.6(Medium)

Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.

CWE-3842022