Description
Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 2.3.0 (exclusive)
cpe:2.3:a:cloudfoundry:stratos:*:*:*:*:*:*:*:*
EPSS: 0.00181 (Low)
Percentile: 40%
CVSS3: 8.2 High
CVSS3: 6.5 Medium
CVSS2: 4 Medium
Weaknesses
CWE-384
Related vulnerabilities
CVSS3: 6.5
github
more than 3 years ago
Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id.