GHSA-6657-9743-4mc6

Source

https://github.com/advisories/GHSA-6657-9743-4mc6

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-6657-9743-4mc6/GHSA-6657-9743-4mc6.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-6657-9743-4mc6

Aliases

CVE-2022-4231

Published

2022-11-30T12:30:20Z

Modified

2023-11-08T04:10:39.191467Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator

Summary

Tribal Systems Zenario CMS vulnerable to Session Fixation

Details

Tribal Systems Zenario CMS 9.3.57595 is vulnerable to session fixation. In Zenario CMS, the user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after user logout and login again into the application when "Remember me" option active. Failing to issue a new session ID following a successful login introduces the possibility for an attacker to set up a trap session on the device the victim is likely to login with. The attack may be initiated remotely and an exploit has been disclosed.

Database specific

{
    "nvd_published_at": "2022-11-30T12:15:00Z",
    "github_reviewed_at": "2022-12-05T18:31:41Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-384"
    ]
}

References

Affected packages

Packagist / tribalsystems/zenario

Package

Name: tribalsystems/zenario
Purl: pkg:composer/tribalsystems/zenario

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

9.3.57595

Affected versions

7.*

7.5.40440

7.5.41006

7.5.41499

7.5.41633

7.5.42085

7.5.42990

7.5.47180

7.6.41504

7.6.41633

7.6.42085

7.6.42990

7.6.47180

7.7.42682

7.7.42963

7.7.42990

7.7.44223

7.7.47180

7.7.47369

7.7.48583

8.*

8.0.44237

8.0.44273

8.0.44294

8.0.44521

8.0.45032

8.0.45250

8.0.45529

8.0.47180

8.0.48583

8.1.45530

8.1.45698

8.1.46089

8.1.46433

8.1.46615

8.1.47180

8.1.47369

8.1.48583

8.2.46436

8.2.46614

8.2.47180

8.2.47369

8.2.47992

8.2.48583

8.3.47997

8.3.48583

8.3.50564

8.4.50565

8.4.51340

8.5.50567

8.5.50837

8.5.51340

8.6.51342

8.7

8.8

8.8.53370

8.8.53725

8.8.54063

8.9.54063

8.9.54149

8.9.54153

8.9.55141

9.*

9.0.54156

9.0.55141

9.0.57473

9.1.55143

9.1.55510

9.1.55619

9.1.57473

9.2

9.2.55826

9.2.57169

9.2.57473

9.3.57186

9.3.57474

9.3.57595