Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-384

CWE-384

Session Fixation

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

404 vulnerabilities with CWE-384

CVE-2023-29019 HIGH

@fastify/passport <1.1.0 - Session Fixation via Preserved sessionId

CVE-2023-2105 HIGH

alextselegidis/easyappointments <1.5.0 - Info Disclosure

CVE-2023-26260 MEDIUM

OXID eShop <6.4.4-6.5.2 - Info Disclosure

CVE-2023-27490 HIGH

next-auth < 4.20.1 - Authentication Bypass via OAuth CSRF Protection Failure

CVE-2023-24456 CRITICAL

Jenkins Keycloak Authentication Plugin <2.3.0 - Info Disclosure

CVE-2023-24427 CRITICAL

Jenkins Bitbucket OAuth Plugin <0.12 - Auth Bypass

CVE-2023-24424 HIGH

Jenkins OpenId Connect Authentication Plugin <2.4 - Auth Bypass

CVE-2023-22479 HIGH

KubePi < 1.6.4 - Session Fixation

CVE-2022-40916 CRITICAL

Tiny File Manager <2.4.7 - Session Fixation

CVE-2022-46480 HIGH

Ultraloq UL3 2nd Gen Smart Lock <02.27.0012 - Info Disclosure

CVE-2022-3916 MEDIUM

Keycloak < 20.0.2 - Insufficient Session Expiration via Offline Access Scope

CVE-2022-31888 HIGH

osTicket <= 1.16.2 - Session Fixation in class.auth.php Login Function

CVE-2022-24895 MEDIUM

Symfony 2.0.0-4.4.49 - Insufficient Session Expiration via CSRF Token Preservation

CVE-2022-43529 MEDIUM

Aruba EdgeConnect Enterprise - Privilege Escalation

CVE-2022-36437 CRITICAL

Hazelcast < 3.12.13 and Hazelcast Jet < 4.5.4 - Unauthenticated Session Fixation

CVE-2022-44017 HIGH

Simmeth Lieferantenmanager <5.6 - Privilege Escalation

CVE-2022-38628 MEDIUM

Nortek Linear eMerge E3-Series <0.32-09a - XSS

CVE-2022-4231 MEDIUM

Tribal Systems Zenario CMS 9.3.57595 - Session Fixation

CVE-2022-44788 MEDIUM

Appalti & Contratti 9.12.2 - Session Fixation

CVE-2022-44007 HIGH

BACKCLICK Professional <5.9.63 - Privilege Escalation

CVE-2022-30769 MEDIUM

ZoneMinder <1.36.12 - Info Disclosure

CVE-2022-43687 MEDIUM

Concrete CMS <8.5.10, 9.0.0-9.1.2 - Info Disclosure

CVE-2022-31689 CRITICAL

VMware Workspace ONE Assist <22.10 - Privilege Escalation

CVE-2022-43398 HIGH

POWER METER SICAM Q100 < V2.50 - Info Disclosure

CVE-2022-40293 CRITICAL

Phppointofsale PHP Point Of Sale - Session Fixation

Previous Page 7 of 17 Next

Details

Vulnerabilities 404

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy