Session fixation in kubeoperator/kubepi
Jan 6th 2023
A session fixation attack allows an attacker to hijack a legitimate user session. The attack exploits a flaw in how the vulnerable web application handles the session ID.
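What decides whether an application is exposed to this is whether the session ID changes when the user authenticates. The Go sketch below is an added illustration, not KubePi's code and not the reporter's proof of concept; `Store`, `LoginFixable` and `LoginRotating` are hypothetical names and the username is constructed.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// Store is a hypothetical session table: session ID -> username ("" = anonymous).
type Store map[string]string

// newID returns 128 random bits from the OS CSPRNG, hex-encoded.
func newID() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// Start issues an anonymous (pre-login) session.
func (s Store) Start() string {
	id := newID()
	s[id] = ""
	return id
}

// LoginFixable binds the user to the ID the client presented, so an ID
// known before login stays valid after it: the fixation flaw.
func (s Store) LoginFixable(presented, user string) string {
	s[presented] = user
	return presented
}

// LoginRotating discards the presented ID and issues a fresh one, so an
// ID known before login resolves to nothing afterwards.
func (s Store) LoginRotating(presented, user string) string {
	delete(s, presented)
	id := newID()
	s[id] = user
	return id
}

func main() {
	s := Store{}
	a, b := s.Start(), s.Start()
	fixed, rotated := s.LoginFixable(a, "alice"), s.LoginRotating(b, "alice") // constructed user
	fmt.Printf("fixable: %q reused=%v; rotating: old->%q new->%q\n", s[a], fixed == a, s[b], s[rotated])
}
```

A regression test for a fix can assert the same property end to end: the session cookie value returned after a successful login differs from the one sent with the login request, and the old value no longer authenticates.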
Proof of Concept
A successful session fixation attack gives the attacker access to the victim's account. This could mean access to higher-level privileges or the ability to view sensitive data.
We are processing your report and will contact the kubeoperator/kubepi team within 24 hours. (3 months ago)
Application Version is KubePi API V1.0
We have contacted a member of the kubeoperator/kubepi team and are waiting to hear back. (3 months ago)
A kubeoperator/kubepi maintainer validated this vulnerability. (3 months ago)
sachinh09 has been awarded the disclosure bounty
Hello Team, thanks for the response. Could you kindly assist me in receiving the bounty?
Hello Wanghe, this is a high vulnerability. Can you please assign a CVE?