CVE-2025-1412

LOW Year: 2025
CVSS v3 Score
3.1
Low
Weakness Type
CWE-384
View all →

Vulnerability Description

Mattermost versions 9.11.x <= 9.11.6, 10.4.x <= 10.4.1 fail to invalidate all active sessions when converting a user to a bot, with allows the converted user to escalate their privileges depending on the permissions granted to the bot.

Related Vulnerabilities

CVE-2018-16463

LOW
CVSS:3.1(Low)

A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares.

CWE-3842018

CVE-2017-1270

LOW
CVSS:3.3(Low)

IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie...

CWE-3842017

CVE-2018-11567

LOW
CVSS:3.3(Low)

Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds,...

CWE-3842018

CVE-2018-1962

LOW
CVSS:3.3(Low)

IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access...

CWE-3842018

CVE-2020-6824

LOW
CVSS:2.8(Low)

Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open. Subsequently, if the user had opened a new Priva...

CWE-3842020

CVE-2024-0351

LOW
CVSS:3.5(Low)

A vulnerability classified as problematic has been found in SourceCodester Engineers Online Portal 1.0. This affects an unknown part. The manipulation leads to session fixiation. It is possible to ini...

CWE-3842024