Vulnerability Details CVE-2022-27305
Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.3%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
Products affected by CVE-2022-27305
-
cpe:2.3:a:gibbonedu:gibbon:10.0.00
-
cpe:2.3:a:gibbonedu:gibbon:11.0.00
-
cpe:2.3:a:gibbonedu:gibbon:12.0.00
-
cpe:2.3:a:gibbonedu:gibbon:13.0.00
-
cpe:2.3:a:gibbonedu:gibbon:13.0.01
-
cpe:2.3:a:gibbonedu:gibbon:13.0.02
-
cpe:2.3:a:gibbonedu:gibbon:14.0.00
-
cpe:2.3:a:gibbonedu:gibbon:14.0.01
-
cpe:2.3:a:gibbonedu:gibbon:15.0.00
-
cpe:2.3:a:gibbonedu:gibbon:15.0.01
-
cpe:2.3:a:gibbonedu:gibbon:16.0.00
-
cpe:2.3:a:gibbonedu:gibbon:16.0.01
-
cpe:2.3:a:gibbonedu:gibbon:17.0.00
-
cpe:2.3:a:gibbonedu:gibbon:18.0.00
-
cpe:2.3:a:gibbonedu:gibbon:18.0.01
-
cpe:2.3:a:gibbonedu:gibbon:19.0.00
-
cpe:2.3:a:gibbonedu:gibbon:20.0.00
-
cpe:2.3:a:gibbonedu:gibbon:21.0.00
-
cpe:2.3:a:gibbonedu:gibbon:21.0.01
-
cpe:2.3:a:gibbonedu:gibbon:22.0.00
-
cpe:2.3:a:gibbonedu:gibbon:22.0.01
-
cpe:2.3:a:gibbonedu:gibbon:23.0.00
-
cpe:2.3:a:gibbonedu:gibbon:23.0.01
-
cpe:2.3:a:gibbonedu:gibbon:7.0.00
-
cpe:2.3:a:gibbonedu:gibbon:7.0.01
-
cpe:2.3:a:gibbonedu:gibbon:7.1.00
-
cpe:2.3:a:gibbonedu:gibbon:7.1.01
-
cpe:2.3:a:gibbonedu:gibbon:7.1.02
-
cpe:2.3:a:gibbonedu:gibbon:8.0.00
-
cpe:2.3:a:gibbonedu:gibbon:8.0.01
-
cpe:2.3:a:gibbonedu:gibbon:8.0.02
-
cpe:2.3:a:gibbonedu:gibbon:8.0.03
-
cpe:2.3:a:gibbonedu:gibbon:8.0.04
-
cpe:2.3:a:gibbonedu:gibbon:8.0.05
-
cpe:2.3:a:gibbonedu:gibbon:8.0.06
-
cpe:2.3:a:gibbonedu:gibbon:8.1.00
-
cpe:2.3:a:gibbonedu:gibbon:8.2.00
-
cpe:2.3:a:gibbonedu:gibbon:8.3.00
-
cpe:2.3:a:gibbonedu:gibbon:9.0.00
-
cpe:2.3:a:gibbonedu:gibbon:9.1.00