CVE-2023-52268

Severity: CRITICAL
Year: 2023
CVSS v3 Score: 9.1 (Critical)

Vulnerability Description

The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to authenticate as an arbitrary user because a session token can be sent to the /auth endpoint. NOTE: this module is not part of freescout-helpdesk/freescout on GitHub.

CVSS:9.1(Critical)

A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows an attacker to log out active sessions of other users. This issue is related to...

CVSS:9.1(Critical)

Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers t...

CVSS:9.1(Critical)

rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. The application can reuse a session via PHPSESSID. Also, an attacker can exploit this vulnerabi...

CVSS:9.1(Critical)

Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow Session Fixation.

CVSS:9.1(Critical)

HUMAX HGA12R-02 BRGCAA 1.1.53 devices allow Session Hijacking.

CVSS:9.1(Critical)

The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to access and manipulate data in the cluster with the identity of another already authenticated connectio...