Insecure session management in prestashop/prestashop
Description
Possible CSRF token fixation
Impact
When authenticating users, PrestaShop preserves session attributes. Because this does not clear CSRF tokens upon login, it might enable same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to session fixation.
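The difference between a login that preserves session attributes and one that clears the CSRF token, as an added example that is not PrestaShop's code. The function names, the `csrf_token` and `user_id` keys, and the array standing in for `$_SESSION` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical model of a login handler. $session stands in for $_SESSION.

/** Return the session's CSRF token, creating one if none exists yet. */
function csrfToken(array &$session): string
{
    if (!isset($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** Constant-time comparison of a submitted token with the session's token. */
function csrfValid(array $session, string $submitted): bool
{
    return isset($session['csrf_token'])
        && hash_equals($session['csrf_token'], $submitted);
}

/** Flawed pattern: every pre-login attribute survives, CSRF token included. */
function loginPreserving(array &$session, int $userId): void
{
    $session['user_id'] = $userId;
}

/** Hardened pattern: discard pre-login CSRF state and rotate the session id. */
function loginResetting(array &$session, int $userId): void
{
    unset($session['csrf_token']);
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // only applies when a real session is open
    }
    $session['user_id'] = $userId;
}

// Constructed scenario: a token value that was already known before login.
$known = str_repeat('a', 64);

$preserved = ['csrf_token' => $known];
loginPreserving($preserved, 42);
echo 'preserving login accepts pre-login token: ';
var_dump(csrfValid($preserved, $known));

$reset = ['csrf_token' => $known];
loginResetting($reset, 42);
csrfToken($reset); // a fresh token is issued after authentication
echo 'resetting login accepts pre-login token: ';
var_dump(csrfValid($reset, $known));
```

Run with the PHP CLI; the two `var_dump` lines show whether a token issued before authentication is still honoured afterwards under each pattern.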
Patches
The problem is fixed in version 8.0.1.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
| Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
| packagist | | | 8.0.1 |