Vulnerabilities > Session Fixation

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-05-11 | CVE-2023-31498 | Session Fixation vulnerability in PHPgurukul Hospital Management System 4.0 | A privilege escalation issue in PHP Gurukul Hospital Management System v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter. | network, low complexity, phpgurukul, CWE-384, critical, 9.8 |
| 2023-05-09 | CVE-2023-28316 | Session Fixation vulnerability in Rocket.Chat | A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA. | network, low complexity, rocket-chat, CWE-384, critical, 9.8 |
| 2023-05-09 | CVE-2023-30056 | Session Fixation vulnerability in Fico Origination Manager Decision 4.8.1 | A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to insufficient protection of the JSESSIONID cookie. | network, low complexity, fico, CWE-384, 7.5 |
| 2023-05-03 | CVE-2023-1265 | Session Fixation vulnerability in Gitlab | An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. | network, low complexity, gitlab, CWE-384, 4.5 |
| 2023-04-21 | CVE-2023-29019 | Session Fixation vulnerability in Fastify Passport | @fastify/passport is a port of passport authentication library for the Fastify ecosystem. | network, low complexity, fastify, CWE-384, 8.1 |
| 2023-04-15 | CVE-2023-2105 | Session Fixation vulnerability in Easyappointments | Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | network, low complexity, easyappointments, CWE-384, 8.8 |
| 2023-04-05 | CVE-2022-31888 | Session Fixation vulnerability in Enhancesoft Osticket | Session Fixation vulnerability in function login in class.auth.php in osTicket through 1.16.2. | network, low complexity, enhancesoft, CWE-384, 8.8 |
| 2023-02-16 | CVE-2021-42761 | Session Fixation vulnerability in Fortinet Fortiweb | A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session. | network, low complexity, fortinet, CWE-384, critical, 9.8 |
| 2023-01-26 | CVE-2023-24424 | Session Fixation vulnerability in Jenkins Openid Connect Authentication | Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login. | network, low complexity, jenkins, CWE-384, 8.8 |
| 2023-01-26 | CVE-2023-24427 | Session Fixation vulnerability in Jenkins Bitbucket Oauth | Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login. | network, low complexity, jenkins, CWE-384, critical, 9.8 |