CVE-2022-25896

Опубликовано: 01 июл. 2022

Источник: nvd

CVSS3: 4.8

CVSS2: 5.8

EPSS Низкий

Описание

This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed.

Ссылки

https://github.com/jaredhanson/passport/commit/7e9b9cf4d7be02428e963fc729496a45baeea608
Patch
Third Party Advisory
https://github.com/jaredhanson/passport/pull/900
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-PASSPORT-2840631
Patch
Third Party Advisory
https://github.com/jaredhanson/passport/commit/7e9b9cf4d7be02428e963fc729496a45baeea608
Patch
Third Party Advisory
https://github.com/jaredhanson/passport/pull/900
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-PASSPORT-2840631
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:passport_project:passport:*:*:*:*:*:node.js:*:*

Версия до 0.6.0 (исключая)

EPSS

Процентиль: 38%

0.00164

Низкий

4.8 Medium

CVSS3

4.8 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-384

Связанные уязвимости

CVE-2022-25896

CVSS3: 4.8

ubuntu

больше 3 лет назад

This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed.

CVE-2022-25896

CVSS3: 4.8

redhat

больше 3 лет назад

This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed.

CVE-2022-25896

CVSS3: 4.8

debian

больше 3 лет назад

This affects the package passport before 0.6.0. When a user logs in or ...

GHSA-v923-w3x8-wh69

CVSS3: 4.8

github

больше 3 лет назад

Passport vulnerable to session regeneration when a users logs in or out

EPSS

Процентиль: 38%

0.00164

Низкий

4.8 Medium

CVSS3

4.8 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-384