mod_auth_mellon before 0.13.1 is vulnerable to a Cross...
Moderate severity
Unreviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
Mar 13, 2017
Published to the GitHub Advisory Database
May 17, 2022
Last updated
Jan 27, 2023
mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site.
References