GHSA-cmxc-9ghj-jp87
Suggest an improvement- Source
- https://github.com/advisories/GHSA-cmxc-9ghj-jp87
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-cmxc-9ghj-jp87/GHSA-cmxc-9ghj-jp87.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-cmxc-9ghj-jp87
- Aliases
- Published
- 2022-08-26T00:03:29Z
- Modified
- 2023-11-01T04:58:47.881427Z
- Severity
-
- 4.6 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- Insufficient Session Expiration in snipe/snipe-it
- Details
-
Session Fixation in GitHub repository snipe/snipe-it prior to version 6.0.10. The session is not invalidated after a password change.
- Database specific
{ "nvd_published_at": "2022-08-25T21:15:00Z", "github_reviewed_at": "2022-08-30T20:54:45Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-384" ] }- References
Affected packages
Packagist / snipe/snipe-it
Package
- Name
- snipe/snipe-it
- Purl
- pkg:composer/snipe/snipe-it
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.0.10
Affected versions
v0.*
v0.1.0
v0.1.1
v0.1.2
v0.2.0
v0.3.0-alpha
v0.3.7-alpha
v0.3.8-alpha
v0.3.9-alpha
v0.3.10-alpha
v0.3.11-alpha
v1.*
v1.0
v1.1
v1.2.0
v1.2.1
v1.2.2
v1.2.3-beta
v1.2.3
v1.2.4-beta
v1.2.4
v1.2.5
v1.2.6-beta
v1.2.6
v1.2.6.1
v1.2.7-beta
v1.2.7
v1.2.8
v1.2.9
v1.2.10
v1.2.11
v2.*
v2.0-beta
v2.0-RC-1
v2.0
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.1.0
v2.1.1
v2.1.2
v3.*
v3.0-alpha
v3.0-alpha2
v3.0-beta.1
v3.0-beta.2
v3.0-beta.3
v3.0
v3.0.0-beta
v3.1.0
v3.3.0-beta
v3.3.0
v3.4
v3.4.0-alpha
v3.4.0-beta
v3.5.0-beta
v3.5.0-beta2
v3.5.0
v3.5.1
v3.5.2
v3.6.0
v3.6.1
v3.6.2
v3.6.3
v3.6.4
v3.6.5
v3.6.6
3.*
3.2.0
Other
v4-beta3
v4-beta4
v4.*
v4.0-alpha
v4.0-alpha-2
v4.0-beta
v4.0-beta2
v4.0-beta5
v4.0-beta6
v4.0
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.0.10
v4.0.11
v4.0.12
v4.0.13
v4.0.14
v4.0.15
v4.1.0-beta
v4.1.0-beta2
v4.1.0
v4.1.1
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.1.10
v4.1.11
v4.1.12
v4.1.13
v4.1.14
v4.2.0
v4.3.0
v4.4.0
v4.4.1
v4.5.0
v4.6.0
v4.6.1
v4.6.2
v4.6.3
v4.6.4
v4.6.5
v4.6.6
v4.6.7
v4.6.8
v4.6.9
v4.6.10
v4.6.11
v4.6.12
v4.6.13
v4.6.14
v4.6.15
v4.6.16
v4.6.17
v4.6.18
v4.7.0
v4.7.1
v4.7.2
v4.7.3
v4.7.4
v4.7.5
v4.7.6
v4.7.7
v4.7.8
v4.8.0
v4.9.0
v4.9.1
v4.9.2
v4.9.3
v4.9.4
v4.9.5
v5.*
v5.0.0-beta-1.0
v5.0.0-beta-1.1
v5.0.0-beta-2
v5.0.0-beta-3.0
v5.0.0-beta-4
v5.0.0-beta-5
v5.0.0
v5.0.1
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.0.6
v5.0.7
v5.0.8
v5.0.9
v5.0.10
v5.0.11
v5.0.12
v5.1.0
v5.1.1
v5.1.2
v5.1.3
v5.1.4
v5.1.5
v5.1.6
v5.1.7
v5.1.8
v5.2.0
v5.3.0
v5.3.1
v5.3.2
v5.3.3
v5.3.4
v5.3.5
v5.3.6
v5.3.7
v5.3.8
v5.3.9
v5.3.10
v5.4.0
v5.4.1
v5.4.2
v5.4.3
v5.4.4
v6.*
v6.0.0-RC-1
v6.0.0-RC-2
v6.0.0-RC-3
v6.0.0-RC-4
v6.0.0-RC-5
v6.0.0-RC-6
v6.0.0-RC-7
v6.0.0-RC-8
v6.0.0
v6.0.1
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.0.8
v6.0.9