CVE-2016-8638
CRITICAL9.1EPSS 7.1%Session Fixation in ipsilon
發布日:2022/5/14修改日:2024/2/16
描述
A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a "SAML2 multi-session vulnerability."
受影響套件(1)
- PyPI/ipsilon>= 2.0.0, < 2.0.2
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
參考連結(15)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-8638
- PATCHhttps://github.com/ipsilon-project/ipsilon
- WEBhttp://rhn.redhat.com/errata/RHSA-2016-2809.html
- WEBhttps://access.redhat.com/errata/RHSA-2016:2809
- WEBhttps://access.redhat.com/security/cve/CVE-2016-8638
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1392829
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638
- WEBhttps://github.com/ipsilon-project/ipsilon/commit/1c48414877fc110652b6078a29529972c7ec9122
- WEBhttps://github.com/ipsilon-project/ipsilon/commit/64fc366c054fc6af1d9d2692902db169884b5f78
- WEBhttps://github.com/ipsilon-project/ipsilon/commit/a33303b6beb5c316d7c18b23566b7666a4e307a4
- WEBhttps://github.com/ipsilon-project/ipsilon/commit/b4744a92d4fa7f6d7ade0ae2d99a2dc0ea94734d
- WEBhttps://ipsilon-project.org/advisory/CVE-2016-8638.txt
- WEBhttps://ipsilon-project.org/release/2.1.0.html
- WEBhttps://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c
- WEBhttp://www.securityfocus.com/bid/94439