CVE-2022-27305

CVE-2022-27305

EPSS 1.0%

Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://gibbon.com http://gibbonedu.com https://github.com/GibbonEdu/core/security/advisories/GHSA-4mq5-8jvh-qq3p