VYPR
Unrated severityNVD Advisory· Published Feb 18, 2021· Updated Aug 4, 2024

CVE-2020-35591

CVE-2020-35591

Description

Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker access to the user's account through the active session.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Pi-hole/Pi-holedescription
  • Pi Hole/Pi Holellm-fuzzy
    Range: = 5.0, 5.1, 5.1.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.