CWE-384
Session Fixation
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
CVE-2023-24477 (GCVE-0-2023-24477)
Vulnerability from cvelistv5 – Published: 2023-08-09 07:50 – Updated: 2024-09-20 12:13
VLAI
Title
Session Fixation in Guardian/CMC before 22.6.2
Summary
In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout. Thus an authenticated local attacker may gain acces to the original user's session.
Severity
CWE
- CWE-384 - Session Fixation
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Nozomi Networks | Guardian |
Affected:
0 , < 22.6.2
(semver)
|
|
| Nozomi Networks | CMC |
Affected:
0 , < 22.6.2
(semver)
|
Date Public
2023-08-09 07:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:56:04.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.nozominetworks.com/NN-2023:8-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Guardian",
"vendor": "Nozomi Networks",
"versions": [
{
"lessThan": "22.6.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CMC",
"vendor": "Nozomi Networks",
"versions": [
{
"lessThan": "22.6.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "other",
"user": "00000000-0000-4000-9000-000000000000",
"value": "This issue was confirmed by Nozomi Networks after a bug reported by one of our Customers."
}
],
"datePublic": "2023-08-09T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout. Thus an authenticated local attacker may gain acces to the original user\u0027s session.\u003c/p\u003e"
}
],
"value": "In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout. Thus an authenticated local attacker may gain acces to the original user\u0027s session."
}
],
"impacts": [
{
"capecId": "CAPEC-61",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-61 Session Fixation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T12:13:36.302Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://security.nozominetworks.com/NN-2023:8-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpgrade to v22.6.2 or later.\u003c/p\u003e"
}
],
"value": "Upgrade to v22.6.2 or later."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Session Fixation in Guardian/CMC before 22.6.2",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAdopt best practices that include closing the browser after a logout.\u003c/p\u003e"
}
],
"value": "Adopt best practices that include closing the browser after a logout."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2023-24477",
"datePublished": "2023-08-09T07:50:56.736Z",
"dateReserved": "2023-01-24T10:39:24.290Z",
"dateUpdated": "2024-09-20T12:13:36.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27490 (GCVE-0-2023-27490)
Vulnerability from cvelistv5 – Published: 2023-03-09 20:37 – Updated: 2025-02-25 14:59
VLAI
Title
Missing proper state, nonce and PKCE checks for OAuth authentication in next-auth
Summary
NextAuth.js is an open source authentication solution for Next.js applications. `next-auth` applications using OAuth provider versions before `v4.20.1` have been found to be subject to an authentication vulnerability. A bad actor who can read traffic on the victim's network or who is able to social engineer the victim to click a manipulated login link could intercept and tamper with the authorization URL to **log in as the victim**, bypassing the CSRF protection. This is due to a partial failure during a compromised OAuth session where a session code is erroneously generated. This issue has been addressed in version 4.20.1. Users are advised to upgrade. Users unable to upgrade may using Advanced Initialization, manually check the callback request for state, pkce, and nonce against the provider configuration to prevent this issue. See the linked GHSA for details.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://github.com/nextauthjs/next-auth/security/… | x_refsource_CONFIRM |
| https://authjs.dev/reference/core/providers#checks | x_refsource_MISC |
| https://danielfett.de/2020/05/16/pkce-vs-nonce-eq… | x_refsource_MISC |
| https://next-auth.js.org/configuration/initializa… | x_refsource_MISC |
| https://next-auth.js.org/configuration/providers/oauth | x_refsource_MISC |
| https://www.rfc-editor.org/rfc/rfc6749#section-10.12 | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2023042… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nextauthjs | next-auth |
Affected:
< 4.20.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:16:35.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nextauthjs/next-auth/security/advisories/GHSA-7r7x-4c4q-c4qf",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextauthjs/next-auth/security/advisories/GHSA-7r7x-4c4q-c4qf"
},
{
"name": "https://authjs.dev/reference/core/providers#checks",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://authjs.dev/reference/core/providers#checks"
},
{
"name": "https://danielfett.de/2020/05/16/pkce-vs-nonce-equivalent-or-not/",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://danielfett.de/2020/05/16/pkce-vs-nonce-equivalent-or-not/"
},
{
"name": "https://next-auth.js.org/configuration/initialization#advanced-initialization",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://next-auth.js.org/configuration/initialization#advanced-initialization"
},
{
"name": "https://next-auth.js.org/configuration/providers/oauth",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://next-auth.js.org/configuration/providers/oauth"
},
{
"name": "https://www.rfc-editor.org/rfc/rfc6749#section-10.12",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rfc-editor.org/rfc/rfc6749#section-10.12"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230420-0006/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27490",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T14:29:38.244440Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T14:59:02.632Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "next-auth",
"vendor": "nextauthjs",
"versions": [
{
"status": "affected",
"version": "\u003c 4.20.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NextAuth.js is an open source authentication solution for Next.js applications. `next-auth` applications using OAuth provider versions before `v4.20.1` have been found to be subject to an authentication vulnerability. A bad actor who can read traffic on the victim\u0027s network or who is able to social engineer the victim to click a manipulated login link could intercept and tamper with the authorization URL to **log in as the victim**, bypassing the CSRF protection. This is due to a partial failure during a compromised OAuth session where a session code is erroneously generated. This issue has been addressed in version 4.20.1. Users are advised to upgrade. Users unable to upgrade may using Advanced Initialization, manually check the callback request for state, pkce, and nonce against the provider configuration to prevent this issue. See the linked GHSA for details."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384: Session Fixation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-20T08:06:22.818Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextauthjs/next-auth/security/advisories/GHSA-7r7x-4c4q-c4qf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextauthjs/next-auth/security/advisories/GHSA-7r7x-4c4q-c4qf"
},
{
"name": "https://authjs.dev/reference/core/providers#checks",
"tags": [
"x_refsource_MISC"
],
"url": "https://authjs.dev/reference/core/providers#checks"
},
{
"name": "https://danielfett.de/2020/05/16/pkce-vs-nonce-equivalent-or-not/",
"tags": [
"x_refsource_MISC"
],
"url": "https://danielfett.de/2020/05/16/pkce-vs-nonce-equivalent-or-not/"
},
{
"name": "https://next-auth.js.org/configuration/initialization#advanced-initialization",
"tags": [
"x_refsource_MISC"
],
"url": "https://next-auth.js.org/configuration/initialization#advanced-initialization"
},
{
"name": "https://next-auth.js.org/configuration/providers/oauth",
"tags": [
"x_refsource_MISC"
],
"url": "https://next-auth.js.org/configuration/providers/oauth"
},
{
"name": "https://www.rfc-editor.org/rfc/rfc6749#section-10.12",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rfc-editor.org/rfc/rfc6749#section-10.12"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230420-0006/"
}
],
"source": {
"advisory": "GHSA-7r7x-4c4q-c4qf",
"discovery": "UNKNOWN"
},
"title": "Missing proper state, nonce and PKCE checks for OAuth authentication in next-auth"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-27490",
"datePublished": "2023-03-09T20:37:11.407Z",
"dateReserved": "2023-03-01T19:03:56.634Z",
"dateUpdated": "2025-02-25T14:59:02.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28316 (GCVE-0-2023-28316)
Vulnerability from cvelistv5 – Published: 2023-05-09 00:00 – Updated: 2025-01-28 20:38
VLAI
Summary
A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA. This could potentially allow an attacker to maintain access to a compromised account even after 2FA is enabled.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-384 - Session Fixation (CWE-384)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://hackerone.com/reports/992280 |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Rocket.Chat |
Affected:
Fixed in 6.0> and back-ported accordingly to our supported versions. Check https://docs.rocket.chat/resources/get-support/enterprise-support#rocket.chat-versions for more info
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:25.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/992280"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-28316",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T20:38:17.004789Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T20:38:20.621Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Rocket.Chat",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 6.0\u003e and back-ported accordingly to our supported versions. Check https://docs.rocket.chat/resources/get-support/enterprise-support#rocket.chat-versions for more info"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA. This could potentially allow an attacker to maintain access to a compromised account even after 2FA is enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "Session Fixation (CWE-384)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-09T00:00:00.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/992280"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2023-28316",
"datePublished": "2023-05-09T00:00:00.000Z",
"dateReserved": "2023-03-14T00:00:00.000Z",
"dateUpdated": "2025-01-28T20:38:20.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29019 (GCVE-0-2023-29019)
Vulnerability from cvelistv5 – Published: 2023-04-21 22:28 – Updated: 2025-02-04 19:38
VLAI
Title
Session fixation in fastify-passport
Summary
@fastify/passport is a port of passport authentication library for the Fastify ecosystem. Applications using `@fastify/passport` in affected versions for user authentication, in combination with `@fastify/session` as the underlying session management mechanism, are vulnerable to session fixation attacks from network and same-site attackers. fastify applications rely on the `@fastify/passport` library for user authentication. The login and user validation are performed by the `authenticate` function. When executing this function, the `sessionId` is preserved between the pre-login and the authenticated session. Network and same-site attackers can hijack the victim's session by tossing a valid `sessionId` cookie in the victim's browser and waiting for the victim to log in on the website. As a solution, newer versions of `@fastify/passport` regenerate `sessionId` upon login, preventing the attacker-controlled pre-session cookie from being upgraded to an authenticated session. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-384 - Session Fixation
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/fastify/fastify-passport/secur… | x_refsource_CONFIRM |
| https://github.com/fastify/fastify-passport/commi… | x_refsource_MISC |
| https://owasp.org/www-community/attacks/Session_f… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| fastify | fastify-passport |
Affected:
< 1.1.0
Affected: >= 2.0.0, < 2.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:14.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/fastify/fastify-passport/security/advisories/GHSA-4m3m-ppvx-xgw9",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/fastify/fastify-passport/security/advisories/GHSA-4m3m-ppvx-xgw9"
},
{
"name": "https://github.com/fastify/fastify-passport/commit/43c82c321db58ea3e375dd475de60befbfcf2a11",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fastify/fastify-passport/commit/43c82c321db58ea3e375dd475de60befbfcf2a11"
},
{
"name": "https://owasp.org/www-community/attacks/Session_fixation",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owasp.org/www-community/attacks/Session_fixation"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29019",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T19:38:54.508489Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T19:38:59.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fastify-passport",
"vendor": "fastify",
"versions": [
{
"status": "affected",
"version": "\u003c 1.1.0"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "@fastify/passport is a port of passport authentication library for the Fastify ecosystem. Applications using `@fastify/passport` in affected versions for user authentication, in combination with `@fastify/session` as the underlying session management mechanism, are vulnerable to session fixation attacks from network and same-site attackers. fastify applications rely on the `@fastify/passport` library for user authentication. The login and user validation are performed by the `authenticate` function. When executing this function, the `sessionId` is preserved between the pre-login and the authenticated session. Network and same-site attackers can hijack the victim\u0027s session by tossing a valid `sessionId` cookie in the victim\u0027s browser and waiting for the victim to log in on the website. As a solution, newer versions of `@fastify/passport` regenerate `sessionId` upon login, preventing the attacker-controlled pre-session cookie from being upgraded to an authenticated session. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384: Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-21T22:28:55.045Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/fastify/fastify-passport/security/advisories/GHSA-4m3m-ppvx-xgw9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/fastify/fastify-passport/security/advisories/GHSA-4m3m-ppvx-xgw9"
},
{
"name": "https://github.com/fastify/fastify-passport/commit/43c82c321db58ea3e375dd475de60befbfcf2a11",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fastify/fastify-passport/commit/43c82c321db58ea3e375dd475de60befbfcf2a11"
},
{
"name": "https://owasp.org/www-community/attacks/Session_fixation",
"tags": [
"x_refsource_MISC"
],
"url": "https://owasp.org/www-community/attacks/Session_fixation"
}
],
"source": {
"advisory": "GHSA-4m3m-ppvx-xgw9",
"discovery": "UNKNOWN"
},
"title": "Session fixation in fastify-passport"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-29019",
"datePublished": "2023-04-21T22:28:55.045Z",
"dateReserved": "2023-03-29T17:39:16.144Z",
"dateUpdated": "2025-02-04T19:38:59.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29020 (GCVE-0-2023-29020)
Vulnerability from cvelistv5 – Published: 2023-04-21 22:31 – Updated: 2025-02-04 19:38
VLAI
Title
Cross site request forgery token fixation in fastify-passport
Summary
@fastify/passport is a port of passport authentication library for the Fastify ecosystem. The CSRF (Cross-Site Request Forger) protection enforced by the `@fastify/csrf-protection` library, when combined with `@fastify/passport` in affected versions, can be bypassed by network and same-site attackers. `fastify/csrf-protection` implements the synchronizer token pattern (using plugins `@fastify/session` and `@fastify/secure-session`) by storing a random value used for CSRF token generation in the `_csrf` attribute of a user's session. The `@fastify/passport` library does not clear the session object upon authentication, preserving the `_csrf` attribute between pre-login and authenticated sessions. Consequently, CSRF tokens generated before authentication are still valid. Network and same-site attackers can thus obtain a CSRF token for their pre-session, fixate that pre-session in the victim's browser via cookie tossing, and then perform a CSRF attack after the victim authenticates. As a solution, newer versions of `@fastify/passport` include the configuration options: `clearSessionOnLogin (default: true)` and `clearSessionIgnoreFields (default: ['passport', 'session'])` to clear all the session attributes by default, preserving those explicitly defined in `clearSessionIgnoreFields`.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/fastify/fastify-passport/secur… | x_refsource_CONFIRM |
| https://github.com/fastify/fastify-passport/commi… | x_refsource_MISC |
| https://cheatsheetseries.owasp.org/cheatsheets/Cr… | x_refsource_MISC |
| https://owasp.org/www-community/attacks/csrf | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| fastify | fastify-passport |
Affected:
< 1.1.0
Affected: >= 2.0.0, < 2.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:14.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/fastify/fastify-passport/security/advisories/GHSA-2ccf-ffrj-m4qw",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/fastify/fastify-passport/security/advisories/GHSA-2ccf-ffrj-m4qw"
},
{
"name": "https://github.com/fastify/fastify-passport/commit/07c90feab9cba0dd4779e47cfb0717a7e2f01d3d",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fastify/fastify-passport/commit/07c90feab9cba0dd4779e47cfb0717a7e2f01d3d"
},
{
"name": "https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#synchronizer-token-pattern",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#synchronizer-token-pattern"
},
{
"name": "https://owasp.org/www-community/attacks/csrf",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owasp.org/www-community/attacks/csrf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29020",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T19:38:02.383186Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T19:38:09.698Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fastify-passport",
"vendor": "fastify",
"versions": [
{
"status": "affected",
"version": "\u003c 1.1.0"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "@fastify/passport is a port of passport authentication library for the Fastify ecosystem. The CSRF (Cross-Site Request Forger) protection enforced by the `@fastify/csrf-protection` library, when combined with `@fastify/passport` in affected versions, can be bypassed by network and same-site attackers. `fastify/csrf-protection` implements the synchronizer token pattern (using plugins `@fastify/session` and `@fastify/secure-session`) by storing a random value used for CSRF token generation in the `_csrf` attribute of a user\u0027s session. The `@fastify/passport` library does not clear the session object upon authentication, preserving the `_csrf` attribute between pre-login and authenticated sessions. Consequently, CSRF tokens generated before authentication are still valid. Network and same-site attackers can thus obtain a CSRF token for their pre-session, fixate that pre-session in the victim\u0027s browser via cookie tossing, and then perform a CSRF attack after the victim authenticates. As a solution, newer versions of `@fastify/passport` include the configuration options: `clearSessionOnLogin (default: true)` and `clearSessionIgnoreFields (default: [\u0027passport\u0027, \u0027session\u0027])` to clear all the session attributes by default, preserving those explicitly defined in `clearSessionIgnoreFields`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384: Session Fixation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-21T22:31:56.768Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/fastify/fastify-passport/security/advisories/GHSA-2ccf-ffrj-m4qw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/fastify/fastify-passport/security/advisories/GHSA-2ccf-ffrj-m4qw"
},
{
"name": "https://github.com/fastify/fastify-passport/commit/07c90feab9cba0dd4779e47cfb0717a7e2f01d3d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fastify/fastify-passport/commit/07c90feab9cba0dd4779e47cfb0717a7e2f01d3d"
},
{
"name": "https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#synchronizer-token-pattern",
"tags": [
"x_refsource_MISC"
],
"url": "https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#synchronizer-token-pattern"
},
{
"name": "https://owasp.org/www-community/attacks/csrf",
"tags": [
"x_refsource_MISC"
],
"url": "https://owasp.org/www-community/attacks/csrf"
}
],
"source": {
"advisory": "GHSA-2ccf-ffrj-m4qw",
"discovery": "UNKNOWN"
},
"title": "Cross site request forgery token fixation in fastify-passport"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-29020",
"datePublished": "2023-04-21T22:31:56.768Z",
"dateReserved": "2023-03-29T17:39:16.144Z",
"dateUpdated": "2025-02-04T19:38:09.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3192 (GCVE-0-2023-3192)
Vulnerability from cvelistv5 – Published: 2023-06-11 00:00 – Updated: 2025-01-06 17:04
VLAI
Title
Session Fixation in froxlor/froxlor
Summary
Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0.
Severity
4.2 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-384 - Session Fixation
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| froxlor | froxlor/froxlor |
Affected:
unspecified , < 2.1.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:08.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/f3644772-9c86-4f55-a0fa-aeb11f411551"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/froxlor/froxlor/commit/94d9c3eedf31bc8447e3aa349e32880dde02ee52"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3192",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-06T17:04:10.411183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T17:04:25.248Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "froxlor/froxlor",
"vendor": "froxlor",
"versions": [
{
"lessThan": "2.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-11T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/f3644772-9c86-4f55-a0fa-aeb11f411551"
},
{
"url": "https://github.com/froxlor/froxlor/commit/94d9c3eedf31bc8447e3aa349e32880dde02ee52"
}
],
"source": {
"advisory": "f3644772-9c86-4f55-a0fa-aeb11f411551",
"discovery": "EXTERNAL"
},
"title": "Session Fixation in froxlor/froxlor"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3192",
"datePublished": "2023-06-11T00:00:00.000Z",
"dateReserved": "2023-06-11T00:00:00.000Z",
"dateUpdated": "2025-01-06T17:04:25.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3394 (GCVE-0-2023-3394)
Vulnerability from cvelistv5 – Published: 2023-06-23 18:12 – Updated: 2024-11-07 20:33
VLAI
Title
Session Fixation in fossbilling/fossbilling
Summary
Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1.
Severity
6.8 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-384 - Session Fixation
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| fossbilling | fossbilling/fossbilling |
Affected:
unspecified , < 0.5.1
(custom)
|
|
| fossbilling | fossbilling |
Affected:
0 , < 0.5.1
(custom)
cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:02.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/84bf3e85-cdeb-4b8d-9ea4-74156dbda83f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/fossbilling/fossbilling/commit/b9c35a174750f1463aea86168524efce6cd48ef7"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3394",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T20:28:50.325918Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T20:33:55.596Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fossbilling/fossbilling",
"vendor": "fossbilling",
"versions": [
{
"lessThan": "0.5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T18:12:04.642Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/84bf3e85-cdeb-4b8d-9ea4-74156dbda83f"
},
{
"url": "https://github.com/fossbilling/fossbilling/commit/b9c35a174750f1463aea86168524efce6cd48ef7"
}
],
"source": {
"advisory": "84bf3e85-cdeb-4b8d-9ea4-74156dbda83f",
"discovery": "EXTERNAL"
},
"title": "Session Fixation in fossbilling/fossbilling"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3394",
"datePublished": "2023-06-23T18:12:04.642Z",
"dateReserved": "2023-06-23T18:11:59.304Z",
"dateUpdated": "2024-11-07T20:33:55.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3711 (GCVE-0-2023-3711)
Vulnerability from cvelistv5 – Published: 2023-09-12 19:57 – Updated: 2025-09-12 19:32
VLAI
Title
Potential Predictable Session ID
Summary
Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-384 - Session Fixation
Assigner
References
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| Honeywell | PM23/43 |
Affected:
0 , < P10.19.050004
(semver)
|
|
| Honeywell | PC23/43, PD43 |
Affected:
0 , < K10.19.050004
(semver)
|
|
| Honeywell | PM42 |
Affected:
0 , < T10.19.050004
(semver)
|
|
| Honeywell | PM42 |
Affected:
0 , < L10.19.050004
(semver)
|
|
| Honeywell | PX4ie/6ie |
Affected:
0 , < A10.19.050004
(semver)
|
|
| Honeywell | PX45/65 |
Affected:
0 , < B10.19.050004
(semver)
|
|
| Honeywell | PD45, PX240 |
Affected:
0 , < F10.19.050004
(semver)
|
|
| Honeywell | PX940 |
Affected:
0 , < H10.19.050004
(semver)
|
|
| Honeywell | PM45 |
Affected:
0 , < J10.19.050004
(semver)
|
|
| Honeywell | RP2f/RP4f |
Affected:
0 , < M10.19.050006
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.honeywell.com/us/en/product-security"
},
{
"tags": [
"x_transferred"
],
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004"
},
{
"tags": [
"x_transferred"
],
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3711",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T14:56:40.504011Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T15:21:02.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Printer web page"
],
"platforms": [
"32 bit"
],
"product": "PM23/43",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "P10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PC23/43, PD43",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "K10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PM42",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "T10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PM42",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "L10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PX4ie/6ie",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "A10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PX45/65",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "B10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PD45, PX240",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "F10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PX940",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "H10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PM45",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "J10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "RP2f/RP4f",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "M10.19.050006",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jinqi Lai (Independent Security Researcher)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.\u003cp\u003eThis issue affects PM43 versions prior to P10.19.050004.\u0026nbsp;Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).\u003c/p\u003e"
}
],
"value": "Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.This issue affects PM43 versions prior to P10.19.050004.\u00a0Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006)."
}
],
"impacts": [
{
"capecId": "CAPEC-59",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-59 Session Credential Falsification through Prediction"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T19:32:41.660Z",
"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"shortName": "Honeywell"
},
"references": [
{
"url": "https://www.honeywell.com/us/en/product-security"
},
{
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004"
},
{
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Potential Predictable Session ID",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"assignerShortName": "Honeywell",
"cveId": "CVE-2023-3711",
"datePublished": "2023-09-12T19:57:50.393Z",
"dateReserved": "2023-07-17T13:59:26.270Z",
"dateUpdated": "2025-09-12T19:32:41.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38002 (GCVE-0-2023-38002)
Vulnerability from cvelistv5 – Published: 2024-04-30 14:40 – Updated: 2024-08-02 17:23
VLAI
Title
IBM Storage Scale session fixation
Summary
IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system. IBM X-Force ID: 260208.
Severity
5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-384 - Session Fixation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7149699 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Storage Scale |
Affected:
5.1.0.0 , ≤ 5.1.9.2
(semver)
|
|
| ibm | storage_scale |
Affected:
5.1.0.0 , ≤ 5.1.9.2
(custom)
cpe:2.3:a:ibm:storage_scale:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:storage_scale:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "storage_scale",
"vendor": "ibm",
"versions": [
{
"lessThanOrEqual": "5.1.9.2",
"status": "affected",
"version": "5.1.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38002",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-30T16:36:07.496446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:28:25.235Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:23:27.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7149699"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260208"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Storage Scale",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "5.1.9.2",
"status": "affected",
"version": "5.1.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system. IBM X-Force ID: 260208."
}
],
"value": "IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system. IBM X-Force ID: 260208."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-30T14:40:43.603Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7149699"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260208"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Storage Scale session fixation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-38002",
"datePublished": "2024-04-30T14:40:43.603Z",
"dateReserved": "2023-07-11T17:33:11.275Z",
"dateUpdated": "2024-08-02T17:23:27.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38018 (GCVE-0-2023-38018)
Vulnerability from cvelistv5 – Published: 2024-08-09 16:25 – Updated: 2024-08-09 21:35
VLAI
Title
IBM Aspera Shares session fixation
Summary
IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 260574.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-384 - Session Fixation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Aspera Shares |
Affected:
1.10.0 PL2
cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level2:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38018",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-09T21:35:10.534550Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T21:35:43.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:aspera_shares:1.10.0:patch_level2:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Aspera Shares",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.10.0 PL2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 260574."
}
],
"value": "IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 260574."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T16:25:10.609Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7164325"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Aspera Shares session fixation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-38018",
"datePublished": "2024-08-09T16:25:10.609Z",
"dateReserved": "2023-07-11T17:33:12.813Z",
"dateUpdated": "2024-08-09T21:35:43.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Invalidate any existing session identifiers prior to authorizing a new user session.
Mitigation
Phase: Architecture and Design
Description:
- For platforms such as ASP that do not generate new values for sessionid cookies, utilize a secondary cookie. In this approach, set a secondary cookie on the user's browser to a random value and set a session variable to the same value. If the session variable and the cookie value ever don't match, invalidate the session, and force the user to log on again.
Mitigation ID: MIT-29
Phase: Operation
Strategy: Firewall
Description:
- Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].
CAPEC-196: Session Credential Falsification through Forging
An attacker creates a false but functional session credential in order to gain or usurp access to a service. Session credentials allow users to identify themselves to a service after an initial authentication without needing to resend the authentication information (usually a username and password) with every message. If an attacker is able to forge valid session credentials they may be able to bypass authentication or piggy-back off some other authenticated user's session. This attack differs from Reuse of Session IDs and Session Sidejacking attacks in that in the latter attacks an attacker uses a previous or existing credential without modification while, in a forging attack, the attacker must create their own credential, although it may be based on previously observed credentials.
CAPEC-21: Exploitation of Trusted Identifiers
An adversary guesses, obtains, or "rides" a trusted identifier (e.g. session ID, resource ID, cookie, etc.) to perform authorized actions under the guise of an authenticated user or service.
CAPEC-31: Accessing/Intercepting/Modifying HTTP Cookies
This attack relies on the use of HTTP Cookies to store credentials, state information and other critical data on client systems. There are several different forms of this attack. The first form of this attack involves accessing HTTP Cookies to mine for potentially sensitive data contained therein. The second form involves intercepting this data as it is transmitted from client to server. This intercepted information is then used by the adversary to impersonate the remote user/session. The third form is when the cookie's content is modified by the adversary before it is sent back to the server. Here the adversary seeks to convince the target server to operate on this falsified information.
CAPEC-39: Manipulating Opaque Client-based Data Tokens
In circumstances where an application holds important data client-side in tokens (cookies, URLs, data files, and so forth) that data can be manipulated. If client or server-side application components reinterpret that data as authentication tokens or data (such as store item pricing or wallet information) then even opaquely manipulating that data may bear fruit for an Attacker. In this pattern an attacker undermines the assumption that client side tokens have been adequately protected from tampering through use of encryption or obfuscation.
CAPEC-59: Session Credential Falsification through Prediction
This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
CAPEC-60: Reusing Session IDs (aka Session Replay)
This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
CAPEC-61: Session Fixation
The attacker induces a client to establish a session with the target software using a session identifier provided by the attacker. Once the user successfully authenticates to the target software, the attacker uses the (now privileged) session identifier in their own transactions. This attack leverages the fact that the target software either relies on client-generated session identifiers or maintains the same session identifiers after privilege elevation.