CVE-2016-8638 – ipsilon
Package
Manager: pip
Name: ipsilon
Vulnerable Version: >=2.0.0 <2.0.2 || >=1.2.0 <1.2.1 || >=1.1.0 <1.1.2 || >=1.0.0 <1.0.3
Severity
Level: Critical
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.07142 (percentile: 0.91189)
Details
Session Fixation in ipsilon

A vulnerability was found in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 that allows an attacker to log out active sessions of other users. The issue is related to how ipsilon tracks sessions, and it allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a "SAML2 multi-session vulnerability."
Metadata
Created: 2022-05-14T03:55:23Z
Modified: 2023-02-14T00:46:20Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-376m-3rm2-9jm6/GHSA-376m-3rm2-9jm6.json
CWE IDs: ["CWE-384"]
Alternative ID: GHSA-376m-3rm2-9jm6
Finding: F280
Auto approve: 1