CVE-2023-22479: A session fixation attack allows an attacker to hijack a legitimate user session.

KubePi is a modern Kubernetes panel. A session fixation attack allows an attacker to hijack a legitimate user session; versions 1.6.3 and below are susceptible. A patch will be released in version 1.6.4.

Package

No package listed

Affected versions

<= v1.6.3

Patched versions

The vulnerability has been fixed in v1.6.4

Description

Summary

A session fixation attack allows an attacker to hijack a legitimate user session. The attack exploits a flaw in how the vulnerable web application handles the session ID.
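The check below is an added example, not code from KubePi or from this advisory. It tests for the condition session fixation depends on (a session ID known before login is still valid, and now authenticated, after login) and shows the usual mitigation of issuing a fresh ID at authentication. The Store type, the function names and the user name are hypothetical.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// Store maps session ID -> user ("" = anonymous); hypothetical, not concurrency-safe.
type Store map[string]string

// newID returns a random 128-bit session ID in hex.
func newID() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// LoginFixable binds the user to whatever ID the client presented: the flaw.
func (s Store) LoginFixable(presented, user string) string {
	s[presented] = user
	return presented
}

// LoginRotating invalidates the presented ID and issues a fresh one.
func (s Store) LoginRotating(presented, user string) string {
	delete(s, presented)
	id := newID()
	s[id] = user
	return id
}

// PreLoginIDSurvives reports whether an ID known before login is
// authenticated after it, which is the condition session fixation needs.
func PreLoginIDSurvives(login func(Store, string, string) string) bool {
	s := Store{}
	known := newID()
	s[known] = ""            // anonymous session issued before login
	login(s, known, "alice") // constructed user name
	return s[known] != ""
}

func main() {
	fmt.Println("fixable login keeps old ID:", PreLoginIDSurvives(Store.LoginFixable))
	fmt.Println("rotating login keeps old ID:", PreLoginIDSurvives(Store.LoginRotating))
}
```

Run as a regression test against a real login handler, the same check compares the session cookie before and after authentication and fails if the value is unchanged.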

Affected Version

<= v1.6.3

For more information

If you have any questions or comments about this advisory, please open an issue.

This vulnerability is reported by sachinh09 from huntr.dev.

Related news

GHSA-v4w5-r2xc-7f8h: KubePi session fixation attack allows an attacker to hijack a legitimate user session.

### Summary

A session fixation attack allows an attacker to hijack a legitimate user session. The attack exploits a flaw in how the vulnerable web application handles the session ID.

### Affected Version

<= v1.6.3

### For more information

If you have any questions or comments about this advisory, please [open an issue](https://github.com/KubeOperator/KubePi/issues).

This vulnerability is reported by [sachinh09](https://huntr.dev/users/sachinh09/) from [huntr.dev](https://huntr.dev/).
