CVE-2022-30769Session Fixation in Zoneminder

CWE-384Session Fixation4 documents4 sources
Severity
4.6MEDIUMNVD
EPSS
0.2%
top 61.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ZoneminderDebian Zoneminder
Timeline
PublishedNov 15
Latest updateNov 16

Description

Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:NExploitability: 2.1 | Impact: 2.5

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-7jhg-5532-mghv: Session fixation exists in ZoneMinder through 12022-11-16
OSV
CVE-2022-30769: Session fixation exists in ZoneMinder through 12022-11-15

📋Vendor Advisories

1
Debian
CVE-2022-30769: zoneminder - Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison ...2022