Required CVE Record Information
Description
A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue affects some unknown processing of the file app/controllers/oauth.js. The manipulation leads to session fixiation. The patch is named e9f0d509e1408743048e29d9c099d36e0e1f6ae7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217559.
CVSS 3 Total
| Score | Severity | Version | Vector String |
|---|---|---|---|
| 6.3 | MEDIUM | 3.1 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| 6.3 | MEDIUM | 3.0 | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| 5.8 | — | 2.0 | AV:A/AC:L/Au:N/C:P/I:P/A:P |
Credits
- VulDB GitHub Commit Analyzer tool
References 3 Total
- https://vuldb.com/?id.217559 vdb-entrytechnical-description
- https://vuldb.com/?ctiid.217559 signaturepermissions-required
- https://github.com/kassi/xingwall/commit/e9f0d509e1408743048e29d9c099d36e0e1f6ae7 patch
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 3 Total
- https://vuldb.com/?id.217559 vdb-entrytechnical-descriptionx_transferred
- https://vuldb.com/?ctiid.217559 signaturepermissions-requiredx_transferred
- https://github.com/kassi/xingwall/commit/e9f0d509e1408743048e29d9c099d36e0e1f6ae7 patchx_transferred