CVE-2014-125048

Опубликовано: 06 янв. 2023

Источник: nvd

CVSS3: 6.3

CVSS3: 5.4

CVSS2: 5.8

EPSS Низкий

Описание

A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue affects some unknown processing of the file app/controllers/oauth.js. The manipulation leads to session fixiation. The patch is named e9f0d509e1408743048e29d9c099d36e0e1f6ae7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217559.

Ссылки

https://github.com/kassi/xingwall/commit/e9f0d509e1408743048e29d9c099d36e0e1f6ae7
Patch
Third Party Advisory
https://vuldb.com/?ctiid.217559
Third Party Advisory
https://vuldb.com/?id.217559
Third Party Advisory
https://github.com/kassi/xingwall/commit/e9f0d509e1408743048e29d9c099d36e0e1f6ae7
Patch
Third Party Advisory
https://vuldb.com/?ctiid.217559
Third Party Advisory
https://vuldb.com/?id.217559
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kluks:xingwall:*:*:*:*:*:*:*:*

Версия до e9f0d509e1408743048e29d9c099d36e0e1f6ae7 (исключая)

EPSS

Процентиль: 46%

0.00229

Низкий

6.3 Medium

CVSS3

5.4 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-384

Связанные уязвимости

GHSA-p6wp-9xww-w5v7

CVSS3: 5.4

github

около 3 лет назад

A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue affects some unknown processing of the file app/controllers/oauth.js. The manipulation leads to session fixiation. The name of the patch is e9f0d509e1408743048e29d9c099d36e0e1f6ae7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217559.

EPSS

Процентиль: 46%

0.00229

Низкий

6.3 Medium

CVSS3

5.4 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-384