CVE-2022-27305

Published May 25th, 2022

View on NVD ↗

CVSS v3

8.8

HIGH

CVSS v2

6.8

MEDIUM

Affected

1

PROJECT

Description

Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation.

Gibbon is a flexible, open source school management platform designed to make life better for teachers, students, parents and leaders.

GitHub

608