Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Gitblit is vulnerable to session fixation #358

Closed
gitblit opened this issue Aug 12, 2015 · 4 comments
Closed

Gitblit is vulnerable to session fixation #358

gitblit opened this issue Aug 12, 2015 · 4 comments

Comments

@gitblit
Copy link
Owner

@gitblit gitblit commented Aug 12, 2015

Originally reported on Google Code with ID 62

From the gitblit forum:

Gitblit accept url like
http://example.com/gitblit/;jsessionid=8EB3144A6XXXXXXXXX
and jsessionid doesn't change when user login.
So session fixation seems to be possible.

http://en.wikipedia.org/wiki/Session_fixation


Reported by James.Moger on 2012-02-09 13:28:59

@gitblit
Copy link
Owner Author

@gitblit gitblit commented Aug 12, 2015

This is fixed on master for anyone who needs this sooner than later.

Reported by James.Moger on 2012-02-09 13:35:17

@gitblit
Copy link
Owner Author

@gitblit gitblit commented Aug 12, 2015

Reported by James.Moger on 2012-02-09 22:50:44

  • Status changed: Queued

@gitblit
Copy link
Owner Author

@gitblit gitblit commented Aug 12, 2015

Fixed in v0.9.1

Reported by James.Moger on 2012-03-28 00:02:10

@gitblit
Copy link
Owner Author

@gitblit gitblit commented Aug 12, 2015

Fixed in v0.9.1. Closing.

Reported by James.Moger on 2012-03-28 00:03:13

  • Status changed: Fixed

@gitblit gitblit closed this as completed Aug 12, 2015
@flaix flaix added this to the 0.9.0 milestone Dec 13, 2016
@flaix flaix added this to the 0.9.0 milestone Dec 13, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants