Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-25896

Опубликовано: 02 июл. 2022
Источник: redhat
CVSS3: 4.8
EPSS Низкий

Описание

This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed.

A misleading session regeneration flaw was found in passport. When a user logs in or logs out, the session is regenerated instead of being closed. This flaw allows an attacker to use a previous session in particular environments.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/search-api-rhel8Affected
Red Hat Advanced Cluster Management for Kubernetes 2acm-governance-policy-addon-controller-containerFixedRHSA-2022:731302.11.2022
Red Hat Advanced Cluster Management for Kubernetes 2acm-grafana-containerFixedRHSA-2022:731302.11.2022
Red Hat Advanced Cluster Management for Kubernetes 2acm-must-gather-containerFixedRHSA-2022:731302.11.2022
Red Hat Advanced Cluster Management for Kubernetes 2acm-operator-bundle-containerFixedRHSA-2022:731302.11.2022
Red Hat Advanced Cluster Management for Kubernetes 2acm-prometheus-config-reloader-containerFixedRHSA-2022:731302.11.2022
Red Hat Advanced Cluster Management for Kubernetes 2acm-prometheus-operator-containerFixedRHSA-2022:731302.11.2022
Red Hat Advanced Cluster Management for Kubernetes 2acm-volsync-addon-controller-containerFixedRHSA-2022:731302.11.2022
Red Hat Advanced Cluster Management for Kubernetes 2cert-policy-controller-containerFixedRHSA-2022:731302.11.2022
Red Hat Advanced Cluster Management for Kubernetes 2cluster-backup-operator-containerFixedRHSA-2022:731302.11.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-384
https://bugzilla.redhat.com/show_bug.cgi?id=2111862passport: incorrect session regeneration

EPSS

Процентиль: 38%
0.00164
Низкий

4.8 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-25896

CVSS3: 4.8
ubuntu
больше 3 лет назад

This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed.

nvd логотип

CVE-2022-25896

CVSS3: 4.8
nvd
больше 3 лет назад

This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed.

debian логотип

CVE-2022-25896

CVSS3: 4.8
debian
больше 3 лет назад

This affects the package passport before 0.6.0. When a user logs in or ...

github логотип

GHSA-v923-w3x8-wh69

CVSS3: 4.8
github
больше 3 лет назад

Passport vulnerable to session regeneration when a users logs in or out

EPSS

Процентиль: 38%
0.00164
Низкий

4.8 Medium

CVSS3