Homepage
About Snyk

Session Fixation Affecting burp-ui package, versions [,0.5.0)

0.0
critical

Snyk CVSS

    Attack Complexity Low
    Confidentiality High
    Integrity High
    Availability High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PYTHON-BURPUI-2440841
  • published 6 Apr 2022
  • disclosed 5 Apr 2022
  • credit Unknown
Report a new vulnerability Found a mistake?

Introduced: 5 Apr 2022

CVE NOT AVAILABLE CWE-384 Open this link in a new tab

How to fix?

Upgrade burp-ui to version 0.5.0 or higher.

Overview

burp-ui is a Burp-UI is a web-ui for burp backup written in python with Flask and jQuery/Bootstrap

Affected versions of this package are vulnerable to Session Fixation because the session doesn't clean up at logout so another user can reuse it.

References