Total
357 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49804 | 2 Dockge.kuma, Uptime.kuma | 2 Dockge, Uptime Kuma | 2024-11-21 | N/A | 6.7 MEDIUM |
| Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, when a user changes their login password in Uptime Kuma, a previously logged-in user retains access without being logged out. This behavior persists consistently, even after system restarts or browser restarts. This vulnerability allows unauthorized access to user accounts, compromising the security of sensitive information. The same vulnerability was partially fixed in CVE-2023-44400, but logging existing users out of their accounts was forgotten. To mitigate the risks associated with this vulnerability, the maintainers made the server emit a `refresh` event (clients handle this by reloading) and then disconnecting all clients except the one initiating the password change. It is recommended to update Uptime Kuma to version 1.23.9. | |||||
| CVE-2023-48929 | 1 Franklin-electric | 1 System Sentinel Anyware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Session Fixation. The 'sid' parameter in the group_status.asp resource allows an attacker to escalate privileges and obtain sensitive information. | |||||
| CVE-2023-47798 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | N/A | 5.4 MEDIUM |
| Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated after an account has been locked. | |||||
| CVE-2023-46733 | 1 Sensiolabs | 1 Symfony | 2024-11-21 | N/A | 6.5 MEDIUM |
| Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 5.4.21 and 6.2.7 and prior to versions 5.4.31 and 6.3.8, `SessionStrategyListener` does not migrate the session after every successful login. It does so only in case the logged in user changes by means of checking the user identifier. In some use cases, the user identifier doesn't change between the verification phase and the successful login, while the token itself changes from one type (partially-authenticated) to another (fully-authenticated). When this happens, the session id should be regenerated to prevent possible session fixations, which is not the case at the moment. As of versions 5.4.31 and 6.3.8, Symfony now checks the type of the token in addition to the user identifier before deciding whether the session id should be regenerated. | |||||
| CVE-2023-45687 | 1 Southrivertech | 2 Titan Mft Server, Titan Sftp Server | 2024-11-21 | N/A | 8.8 HIGH |
| A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizating a session id of their choosing | |||||
| CVE-2023-44400 | 1 Uptime.kuma | 1 Uptime Kuma | 2024-11-21 | N/A | 6.7 MEDIUM |
| Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, attackers with access to a user's device can gain persistent account access. This is caused by missing verification of Session Tokens after password changes and/or elapsed inactivity periods. Version 1.23.3 has a patch for the issue. | |||||
| CVE-2023-42322 | 1 Icmsdev | 1 Icms | 2024-11-21 | N/A | 9.8 CRITICAL |
| Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information. | |||||
| CVE-2023-41012 | 1 Chinamobile | 2 Intelligent Home Gateway, Intelligent Home Gateway Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the authentication mechanism. | |||||
| CVE-2023-40273 | 1 Apache | 1 Airflow | 2024-11-21 | N/A | 8.0 HIGH |
| The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behaviour. Users of Apache Airflow are advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. | |||||
| CVE-2023-3394 | 1 Fossbilling | 1 Fossbilling | 2024-11-21 | N/A | 5.4 MEDIUM |
| Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1. | |||||
| CVE-2023-3192 | 1 Froxlor | 1 Froxlor | 2024-11-21 | N/A | 5.4 MEDIUM |
| Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0. | |||||
| CVE-2023-37946 | 1 Jenkins | 1 Openshift Login | 2024-11-21 | N/A | 8.8 HIGH |
| Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier does not invalidate the previous session on login. | |||||
| CVE-2023-29020 | 1 Fastify | 1 Passport | 2024-11-21 | N/A | 6.5 MEDIUM |
| @fastify/passport is a port of passport authentication library for the Fastify ecosystem. The CSRF (Cross-Site Request Forger) protection enforced by the `@fastify/csrf-protection` library, when combined with `@fastify/passport` in affected versions, can be bypassed by network and same-site attackers. `fastify/csrf-protection` implements the synchronizer token pattern (using plugins `@fastify/session` and `@fastify/secure-session`) by storing a random value used for CSRF token generation in the `_csrf` attribute of a user's session. The `@fastify/passport` library does not clear the session object upon authentication, preserving the `_csrf` attribute between pre-login and authenticated sessions. Consequently, CSRF tokens generated before authentication are still valid. Network and same-site attackers can thus obtain a CSRF token for their pre-session, fixate that pre-session in the victim's browser via cookie tossing, and then perform a CSRF attack after the victim authenticates. As a solution, newer versions of `@fastify/passport` include the configuration options: `clearSessionOnLogin (default: true)` and `clearSessionIgnoreFields (default: ['passport', 'session'])` to clear all the session attributes by default, preserving those explicitly defined in `clearSessionIgnoreFields`. | |||||
| CVE-2023-29019 | 1 Fastify | 1 Passport | 2024-11-21 | N/A | 8.1 HIGH |
| @fastify/passport is a port of passport authentication library for the Fastify ecosystem. Applications using `@fastify/passport` in affected versions for user authentication, in combination with `@fastify/session` as the underlying session management mechanism, are vulnerable to session fixation attacks from network and same-site attackers. fastify applications rely on the `@fastify/passport` library for user authentication. The login and user validation are performed by the `authenticate` function. When executing this function, the `sessionId` is preserved between the pre-login and the authenticated session. Network and same-site attackers can hijack the victim's session by tossing a valid `sessionId` cookie in the victim's browser and waiting for the victim to log in on the website. As a solution, newer versions of `@fastify/passport` regenerate `sessionId` upon login, preventing the attacker-controlled pre-session cookie from being upgraded to an authenticated session. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-28809 | 1 Hikvision | 52 Ds-k1t320efwx, Ds-k1t320efwx Firmware, Ds-k1t320efx and 49 more | 2024-11-21 | N/A | 7.5 HIGH |
| Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user. | |||||
| CVE-2023-27490 | 1 Nextauth.js | 1 Next-auth | 2024-11-21 | N/A | 8.1 HIGH |
| NextAuth.js is an open source authentication solution for Next.js applications. `next-auth` applications using OAuth provider versions before `v4.20.1` have been found to be subject to an authentication vulnerability. A bad actor who can read traffic on the victim's network or who is able to social engineer the victim to click a manipulated login link could intercept and tamper with the authorization URL to **log in as the victim**, bypassing the CSRF protection. This is due to a partial failure during a compromised OAuth session where a session code is erroneously generated. This issue has been addressed in version 4.20.1. Users are advised to upgrade. Users unable to upgrade may using Advanced Initialization, manually check the callback request for state, pkce, and nonce against the provider configuration to prevent this issue. See the linked GHSA for details. | |||||
| CVE-2023-24477 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-11-21 | N/A | 7.0 HIGH |
| In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout. Thus an authenticated local attacker may gain acces to the original user's session. | |||||
| CVE-2023-22479 | 1 Fit2cloud | 1 Kubepi | 2024-11-21 | N/A | 7.5 HIGH |
| KubePi is a modern Kubernetes panel. A session fixation attack allows an attacker to hijack a legitimate user session, versions 1.6.3 and below are susceptible. A patch will be released in version 1.6.4. | |||||
| CVE-2023-21239 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
| In visitUris of Notification.java, there is a possible way to leak image data across user boundaries due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21238 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
| In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||