CVE-2022-24444: Hybridsessions does not expire session id on logout
Silverstripe silverstripe/framework through 4.10 allows Session Fixation.
References
- docs.silverstripe.org/en/4/changelogs/4.10.1/
- forum.silverstripe.org/c/releases
- github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/hybridsessions/CVE-2022-24444.yaml
- github.com/advisories/GHSA-c7q8-m4xw-c674
- nvd.nist.gov/vuln/detail/CVE-2022-24444
- www.silverstripe.org/blog/tag/release
- www.silverstripe.org/download/security-releases/
- www.silverstripe.org/download/security-releases/cve-2022-24444