Uploaded image for project: 'Hippo CMS'
  1. Hippo CMS
  2. CMS-11339

[Backport 10.2] Session Fixation Vulnerability

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Top
    • Resolution: Fixed
    • None
    • 3.2.17
    • None
    • None
    • Turing

    Description

      The web application has a session fixation vulnerability that allows an attacker to selectively take over sessions of a user and access their data because the session ID is not regenerated on the server side each time the permission context is changed.

      Attachments

        Issue Links

          is blocked by

          New Feature - A new feature of the product, which has yet to be developed. CMS-11346 [Backport 10.2] Bump wicket to 6.29.0

          • Normal - Normal priority, tasks to be done before next intermediate release
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. CMS-10946 Server 500 in CMS after logging out of the Console

          • High - High priority, expected behaviour required often required for other tasks
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. CMS-10267 /cms also gets logged out when someone logs out from /cms/console

          • Normal - Normal priority, tasks to be done before next intermediate release
          • Closed

          Activity

            People

              Unassigned Unassigned
              aschrijvers Ard Schrijvers
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: