CVE-2022-24444

Published: Jun 28, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitability: 3.9 / Impact: 2.5

Source: NVD

Description

Silverstripe silverstripe/framework through 4.10 allows Session Fixation.

Affected (2)

Products: Silverstripe: Silverstripe

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Silverstripe Silverstripe	Up to 2.4.0
Silverstripe Silverstripe	Version 2.5.0

Related CWEs

Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

References (10)

https://docs.silverstripe.org/en/4/changelogs/4.10.1/

Source: cve@mitre.org

Broken LinkVendor Advisory

https://forum.silverstripe.org/c/releases

Source: cve@mitre.org

Release NotesVendor Advisory

https://www.silverstripe.org/blog/tag/release

Source: cve@mitre.org

Release NotesVendor Advisory

https://www.silverstripe.org/download/security-releases/

Source: cve@mitre.org

Not ApplicableVendor Advisory

https://www.silverstripe.org/download/security-releases/cve-2022-24444

Source: cve@mitre.org

Vendor Advisory

https://docs.silverstripe.org/en/4/changelogs/4.10.1/

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkVendor Advisory

https://forum.silverstripe.org/c/releases

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://www.silverstripe.org/blog/tag/release

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://www.silverstripe.org/download/security-releases/

Source: af854a3a-2127-422b-91ae-364da2661108

Not ApplicableVendor Advisory

https://www.silverstripe.org/download/security-releases/cve-2022-24444

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.