CVE-2023-1265

MEDIUM Year: 2023
CVSS v3 Score
4.5
Medium
Weakness Type
CWE-384
View all →

Vulnerability Description

An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The condition allows for a privileged attacker, under certain conditions, to obtain session tokens from all users of a GitLab instance.

Related Vulnerabilities

CVE-2017-10890

MEDIUM
CVSS:4.6(Medium)

Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware version...

CWE-3842017

CVE-2022-2997

MEDIUM
CVSS:4.6(Medium)

Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.

CWE-3842022

CVE-2022-30769

MEDIUM
CVSS:4.6(Medium)

Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user.

CWE-3842022

CVE-2023-47798

MEDIUM
CVSS:4.6(Medium)

Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions,...

CWE-3842023

CVE-2024-24823

MEDIUM
CVSS:4.4(Medium)

Graylog is a free and open log management platform. Starting in version 4.3.0 and prior to versions 5.1.11 and 5.2.4, reauthenticating with an existing session cookie would re-use that session id, eve...

CWE-3842024

CVE-2017-1152

MEDIUM
CVSS:4.3(Medium)

IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force...

CWE-3842017