CVE-2019-12203: Session Fixation in Framework

CWE-384: Session Fixation | 3 documents | 3 sources
Severity
6.3 MEDIUM (NVD)
EPSS
0.1%
top 83.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 25
Latest update: Nov 12

Description

SilverStripe through 4.3.3 allows session fixation in the "change password" form.

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 0.4 | Impact: 5.9

Affected Packages (2 packages)

Packagist | silverstripe/framework | 3.7.0 | 3.7.4 | +3

Vulnerability Details (2)

GHSA: Session fixation in change password form (2019-11-12)
OSV: Session fixation in change password form (2019-11-12)