First published: Tue Sep 24 2019
CVE-2019-12203: Session fixation in "change password" form
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
composer/silverstripe/framework | >=3.6.0 <3.6.8, >=3.7.0 <3.7.4, >=4.0.0 <4.3.5, >=4.4.0 <4.4.4 | |
Silverstripe silverstripe | <=4.3.3 | |
composer/silverstripe/framework | >=4.0.0 <4.3.5 | 4.3.5 |
composer/silverstripe/framework | >=3.6.0 <3.6.8 | 3.6.8 |
composer/silverstripe/framework | >=4.4.0 <4.4.4 | 4.4.4 |
composer/silverstripe/framework | >=3.7.0 <3.7.4 | 3.7.4 |
CVE-2019-12203 is a vulnerability that allows session fixation in the "change password" form in SilverStripe versions through 4.3.3.
CVE-2019-12203 has a severity rating of 6.3, which is considered medium.
CVE-2019-12203 allows session fixation in the "change password" form of SilverStripe, which can lead to unauthorized access to user accounts.
SilverStripe versions through 4.3.3 are affected by CVE-2019-12203.
To fix CVE-2019-12203, upgrade to a version of SilverStripe that is above 4.3.3.