Published: 01/07/2022 Updated: 13/07/2022

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 4.8 | Impact Score: 2.5 | Exploitability Score: 2.2

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

This affects the package passport prior to 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed.

Vulnerable Product	Search on Vulmon	Subscribe to Product
passport project passport

Debian Bug report logs - #1014385 passportjs: CVE-2022-25896 - regenerates stale session on user login Package: src:passportjs; Maintainer for src:passportjs is Debian Javascript Maintainers <pkg-javascript-devel@listsaliothdebianorg>; Reported by: Neil Williams <codehelp@debianorg> Date: Tue, 5 Jul 2022 09:00:01 ...

Synopsis Moderate: Red Hat Advanced Cluster Management 262 security update and bug fixes Type/Severity Security Advisory: Moderate Topic Red Hat Advanced Cluster Management for Kubernetes 262 GeneralAvailability release images, which fix bugs and update container imagesRed Hat Product Security has rated this update as having a security i ...

This affects the package passport before 060 When a user logs in or logs out, the session is regenerated instead of being closed ...

CWE-384 https://github.com/jaredhanson/passport/pull/900 https://snyk.io/vuln/SNYK-JS-PASSPORT-2840631 https://github.com/jaredhanson/passport/commit/7e9b9cf4d7be02428e963fc729496a45baeea608 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014385 https://nvd.nist.gov

CVE-2022-25896

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect