GHSA-376m-3rm2-9jm6

Source
https://github.com/advisories/GHSA-376m-3rm2-9jm6
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-376m-3rm2-9jm6/GHSA-376m-3rm2-9jm6.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-376m-3rm2-9jm6
Aliases
  • CVE-2016-8638
Published
2022-05-14T03:55:23Z
Modified
2024-02-16T08:19:08.568086Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Summary
Session Fixation in ipsilon
Details

A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows an attacker to log out the active sessions of other users. The issue lies in how ipsilon tracks sessions: an unauthenticated attacker can view and terminate other users' active sessions, which matches the CVSS vector above (high confidentiality and availability impact, no authentication required). It is also referred to as the "SAML2 multi-session vulnerability." Upgrade to the fixed release of the affected branch (2.0.2, 1.2.1, 1.1.2 or 1.0.3).
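The flaw class described above, as an added illustrative model that is not ipsilon's code and does not reproduce its actual session-tracking implementation: a multi-session registry whose "list sessions" and "log out" operations accept no caller identity, placed next to a version that scopes both operations to the session of the authenticated caller. The registry layout, the `Session` fields and the sample users are assumptions made for the example.

```python
"""Hypothetical model of an unauthenticated session-enumeration and
session-termination weakness (the class CVE-2016-8638 belongs to).
Not ipsilon's code; the registry shape and sample data are constructed."""
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    sid: str
    user: str
    provider: str  # assumed: the SAML2 service provider the session was issued for


@dataclass
class SessionRegistry:
    sessions: dict = field(default_factory=dict)

    def login(self, user, provider):
        """Issue a new session for a user; several sessions per user are allowed."""
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = Session(sid, user, provider)
        return sid

    # --- vulnerable shape: the caller never has to prove who they are -----
    def list_all(self):
        """Any caller, authenticated or not, sees every live session id."""
        return sorted(s.sid for s in self.sessions.values())

    def terminate_unchecked(self, sid):
        """Any caller can log out any session whose id it knows or enumerated."""
        return self.sessions.pop(sid, None) is not None

    # --- hardened shape: every operation is scoped to the caller's user ----
    def _caller(self, caller_sid):
        s = self.sessions.get(caller_sid)
        if s is None:
            raise PermissionError("no authenticated session")
        return s

    def list_own(self, caller_sid):
        """Only the caller's own sessions are visible."""
        me = self._caller(caller_sid)
        return sorted(s.sid for s in self.sessions.values() if s.user == me.user)

    def terminate_own(self, caller_sid, target_sid):
        """Refuse cross-user termination without revealing whether the target exists."""
        me = self._caller(caller_sid)
        target = self.sessions.get(target_sid)
        if target is None or target.user != me.user:
            return False
        del self.sessions[target_sid]
        return True


def demo():
    """Run both shapes against constructed users and return the observable results."""
    reg = SessionRegistry()
    alice = reg.login("alice", "sp-a")
    bob = reg.login("bob", "sp-b")

    # Vulnerable path: an attacker with no session of its own enumerates
    # every session and logs bob out.
    visible_to_anyone = len(reg.list_all())
    bob_killed = reg.terminate_unchecked(bob)

    # Hardened path: alice sees only her sessions and cannot end bob's.
    bob_again = reg.login("bob", "sp-b")
    alice_sees_only_own = reg.list_own(alice) == [alice]
    cross_user_terminate = reg.terminate_own(alice, bob_again)
    own_terminate = reg.terminate_own(alice, alice)
    try:
        reg.list_own("not-a-session-id")
        anonymous_denied = False
    except PermissionError:
        anonymous_denied = True

    return {
        "visible_to_anyone": visible_to_anyone,
        "bob_killed": bob_killed,
        "alice_sees_only_own": alice_sees_only_own,
        "cross_user_terminate": cross_user_terminate,
        "own_terminate": own_terminate,
        "anonymous_denied": anonymous_denied,
    }


if __name__ == "__main__":
    print(demo())
```

The hardened path makes the caller's identity an input to both the listing and the termination, and it answers a cross-user termination with the same `False` it would give for a nonexistent session, so the endpoint cannot be used as an oracle for which session ids are live.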

Database specific
{
    "nvd_published_at": "2017-07-12T13:29:00Z",
    "cwe_ids": [
        "CWE-384"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2023-02-14T00:46:20Z"
}
References

Affected packages

PyPI / ipsilon

Affected ranges (Type: ECOSYSTEM)

Introduced 2.0.0, Fixed 2.0.2
Introduced 1.2.0, Fixed 1.2.1
Introduced 1.1.0, Fixed 1.1.2
Introduced 1.0.0, Fixed 1.0.3

Affected versions (enumerated on the page for the 1.2 range only)

1.*: 1.2.0
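To apply the ranges above to an installed version, this added example (not part of the OSV page or of ipsilon) evaluates them with OSV's ECOSYSTEM event semantics: a version is affected when some range has introduced <= version < fixed. The range table is copied from the advisory; the version parser, the function names and the `importlib.metadata` lookup are assumptions of the example.

```python
"""Check a version of ipsilon against the affected ranges in GHSA-376m-3rm2-9jm6.
Added example; the ranges are copied from the advisory, everything else is assumed."""
from importlib import metadata

# (introduced, fixed) pairs, copied from the advisory's ECOSYSTEM ranges.
AFFECTED_RANGES = [
    ("2.0.0", "2.0.2"),
    ("1.2.0", "1.2.1"),
    ("1.1.0", "1.1.2"),
    ("1.0.0", "1.0.3"),
]


def parse_version(v):
    """Purely numeric dotted versions, which covers every release listed above.
    A non-numeric component (e.g. a pre-release tag) raises instead of being
    compared as a string, which would silently misorder it."""
    return tuple(int(p) for p in v.strip().split("."))


def fixed_version_for(version, ranges=AFFECTED_RANGES):
    """Return the fixed release of the range that contains `version`,
    or None if no listed range contains it (half-open: introduced <= v < fixed).
    A version outside every range is 'not listed', which the advisory does not
    claim is the same as 'known safe'."""
    v = parse_version(version)
    for introduced, fixed in ranges:
        if parse_version(introduced) <= v < parse_version(fixed):
            return fixed
    return None


def is_affected(version, ranges=AFFECTED_RANGES):
    return fixed_version_for(version, ranges) is not None


def check_installed(dist="ipsilon"):
    """Look up the installed distribution and report its status.
    Returns None when the package is not installed in this environment."""
    try:
        installed = metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None
    return {"version": installed, "fixed_in": fixed_version_for(installed)}


if __name__ == "__main__":
    for sample in ("1.0.2", "1.0.3", "2.0.1", "2.0.2"):
        print(sample, "->", fixed_version_for(sample))
    print("installed:", check_installed())
```

The check uses the fixed version boundary as exclusive and the introduced boundary as inclusive, which is how OSV range events are defined; getting either boundary wrong would mark the patched release 2.0.2 as vulnerable or the first affected release 2.0.0 as clean.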