First published: Mon Jun 27 2022
CVE-2022-24444: Hybridsessions does not expire session id on logout
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
composer/silverstripe/hybridsessions | >=1.0.0 <2.4.1, >=2.5.0 <2.5.1 | |
Silverstripe silverstripe | <=2.4.0 | |
Silverstripe silverstripe | =2.5.0 | |
CVE-2022-24444 is a vulnerability in the Silverstripe framework that allows session fixation.
CVE-2022-24444 has a severity score of 6.5 (medium).
Versions 1.0.0 up to 2.4.1 of hybridsessions, version 2.4.0 of Silverstripe, and version 2.5.0 of Silverstripe are affected.
To fix CVE-2022-24444, update to version 2.5.1 of hybridsessions or version 4.10.1 of the Silverstripe framework.
You can find more information about CVE-2022-24444 in the following references: [Silverstripe security releases](https://www.silverstripe.org/download/security-releases/cve-2022-24444), [Silverstripe changelogs](https://docs.silverstripe.org/en/4/changelogs/4.10.1/), and the [Silverstripe forum](https://forum.silverstripe.org/c/releases).