CVE-2022-30769

Name: CVE-2022-30769
Description: Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| zoneminder (PTS) | bullseye | 1.34.23-1 | vulnerable |
| zoneminder (PTS) | bookworm, sid | 1.36.32+dfsg1-1 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| zoneminder | source | (unstable) | (unfixed) | unimportant | | |

Notes

https://medium.com/@dk50u1/session-fixation-in-zoneminder-up-to-v1-36-12-3c850b1fbbf3
Only supported for trusted users/behind auth, see README.debian.security
