OneDev
Dashboards
Projects
Global Views
Code Search
server
Code
Pull Requests
Issues
List
Boards
Iterations
Builds
Packages
Statistics
Child Projects
Audit Log
OneDev 14.0.5
Documentation Support & Bug Report RESTful API Incompatibilities License Agreement Check Update
Projects onedev server Issues OD-2626
Potential session fixation attack (OD-2626)
Robin Shen opened 1 month ago

Session should be replaced upon login to prevent session fixation attack

History
  • Robin Shen changed fields 1 month ago
    Name Previous Value Current Value 
    Priority
    		 
    Normal
    		 
    Major
  • OneDev commented 1 month ago

    State changed as code fixing the issue is committed (afb984e5)

  • OneDev changed state to 'Closed' 1 month ago
    Previous Value Current Value 
    Open
    		 
    Closed
  • OneDev commented 1 month ago

    State changed as build OD-6864 (13.1.4) is successful

  • OneDev changed state to 'Released' 1 month ago
    Previous Value Current Value 
    Closed
    		 
    Released
  • Robin Shen changed title 1 month ago
    Previous Value Current Value 
    Session not replaced upon login
    		 
    Potential session fixation attack
issue 1/1
Type
Security Vulnerability
Priority
Major
Assignee
Robin Shen
Labels
No labels
Issue Votes (0)
Login to vote
Watchers (3)
Reference
OD-2626
Please wait...
Connection lost or session expired, reload to recover
Page is in error, reload to recover