Headline
GHSA-v4w5-r2xc-7f8h: KubePi session fixation attack allows an attacker to hijack a legitimate user session.
Summary
A session fixation attack allows an attacker to hijack a legitimate user session. The attack exploits a flaw in how the vulnerable web application handles the session ID.
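Session fixation is generally closed by issuing a new server-generated session ID at login and retiring the ID presented before authentication. The Go code below is an added example of that pattern beside the fixable one; it is not KubePi's code or its patch, and the `sid` cookie, the in-memory store and the `Establish`, `UserFor` and `Login` names are assumptions, with credential checking assumed to succeed before `Establish` is called.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"net/http"
	"sync"
)

var sessions sync.Map // session ID -> username (constructed in-memory store)

func newID() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// Establish binds user to a session after a successful login. rotate=false
// keeps the ID the browser presented (fixable); rotate=true replaces it.
func Establish(presented, user string, rotate bool) string {
	id := presented
	if rotate || id == "" {
		sessions.Delete(presented) // pre-login ID must not survive authentication
		id = newID()
	}
	sessions.Store(id, user)
	return id
}

func UserFor(id string) string { // user bound to id, "" if none
	v, _ := sessions.Load(id)
	s, _ := v.(string)
	return s
}

// Login is a hypothetical handler; the credential check is assumed to have passed.
func Login(rotate bool) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		presented := ""
		if c, err := r.Cookie("sid"); err == nil {
			presented = c.Value
		}
		id := Establish(presented, r.FormValue("user"), rotate)
		http.SetCookie(w, &http.Cookie{Name: "sid", Value: id, Path: "/", HttpOnly: true, Secure: true})
	}
}

func main() { panic(http.ListenAndServe("127.0.0.1:8080", Login(true))) }
```

With `rotate=true`, an ID that was known before login no longer resolves to any user afterwards, which is the property to check for when reviewing a login handler.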
Affected Version
<= v1.6.3
For more information
If you have any questions or comments about this advisory, please open an issue.
Package
gomod github.com/KubeOperator/kubepi (Go)
Affected versions
<= 1.6.3
Description
This vulnerability was reported by sachinh09 from huntr.dev.
References
- GHSA-v4w5-r2xc-7f8h
Severity
CVSS base metrics
User interaction
Required
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
GHSA ID
GHSA-v4w5-r2xc-7f8h
Source code
Related news
KubePi is a modern Kubernetes panel. A session fixation attack allows an attacker to hijack a legitimate user session; versions 1.6.3 and below are susceptible. A patch will be released in version 1.6.4.