CVE-2016-8638
CRITICAL
ipsilon <2.0.2, 1.2.1, 1.1.2, 1.0.3 - Info Disclosure
Title source: llm
Description
A vulnerability was found in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 that allows an attacker to log out active sessions of other users. This issue is related to how ipsilon tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a "SAML2 multi-session vulnerability."
References (6)
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638
Patch, Vendor Advisory x_refsource_confirm
https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c
Vendor Advisory x_refsource_confirm
https://ipsilon-project.org/advisory/CVE-2016-8638.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94439
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2809.html
Release Notes x_refsource_confirm
https://ipsilon-project.org/release/2.1.0.html
Scores
CVSS v3
9.1
EPSS
0.0212
EPSS Percentile
79.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Details
CWE
CWE-384
Status
published
Products (9)
ipsilon_project/ipsilon
1.0.0
ipsilon_project/ipsilon
1.0.1
ipsilon_project/ipsilon
1.0.2
ipsilon_project/ipsilon
1.1.0
ipsilon_project/ipsilon
1.1.1
ipsilon_project/ipsilon
1.2.0
ipsilon_project/ipsilon
2.0.0
ipsilon_project/ipsilon
2.0.1
pypi/ipsilon
2.0.0 - 2.0.2 PyPI
Published
Jul 12, 2017
Tracked Since
Feb 18, 2026