An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS02NjU3LTk3NDMtNG1jNs4AAwF4

Tribal Systems Zenario CMS vulnerable to Session Fixation

Tribal Systems Zenario CMS 9.3.57595 is vulnerable to session fixation. In Zenario CMS, the user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after user logout and login again into the application when "Remember me" option active. Failing to issue a new session ID following a successful login introduces the possibility for an attacker to set up a trap session on the device the victim is likely to login with. The attack may be initiated remotely and an exploit has been disclosed.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 year ago
Updated: about 1 year ago

CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Identifiers: GHSA-6657-9743-4mc6, CVE-2022-4231

Affected Packages

Versions: <= 9.3.57595
No known fixed version