Session Fixation Vulnerability in ZoneMinder by ZoneMinder
CVE-2022-30769

4.6MEDIUM

Key Information:

Vendor: Zoneminder
Status: Zoneminder
Vendor: CVE Published:; 15 November 2022

What is CVE-2022-30769?

A session fixation vulnerability in ZoneMinder allows an attacker to exploit session management mechanisms. By poisoning a session cookie, an attacker can compromise the session of the next user who logs in. This issue exists in ZoneMinder versions up to 1.36.12, highlighting the importance of securing session handling practices to prevent unauthorized access and potential data breaches.

References

https://github.com/ZoneMinder/zoneminder/releases

https://medium.com/%40dk50u1/session-fixation-in-zonemind...

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 15, 2022
Vulnerability Reserved
May 16, 2022

Zoneminder

What is CVE-2022-30769?

References

CVSS V3.1

Timeline