
EZSA-2016-004: Session data migrated between users on logout

Publication date : 13/09/2016
Severity : High
Affected versions : 5.3-5.4, all community versions at time of writing (LegacyBundle/LegacyBridge)
Resolving versions : 5.4.7, 5.3.9

In legacy mode, user session data is migrated to the new session on login as expected, but also on logout. This can lead to local information disclosure and potential privilege escalation vulnerabilities. We strongly recommend that you install this Security Update as soon as possible.

Patch for eZ Platform (LegacyBridge): https://github.com/ezsystems/LegacyBridge/commit/7a2d05b266afa3901139ff2decaa178e08ff46d2
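
A simplified model of the behaviour described in the advisory text above, added here as an illustration and not taken from eZ Publish or from the LegacyBridge patch. The `SessionStore` class, its methods and the sample attributes are hypothetical; the function at the end can serve as a regression check that nothing survives a logout.

```php
<?php
// In-memory model of a server-side session store. Constructed for this
// example; names are hypothetical and this is not eZ Publish code.
final class SessionStore
{
    /** @var array<string, array<string, mixed>> session id => attributes */
    private array $data = [];

    public function start(): string
    {
        $id = bin2hex(random_bytes(16));
        $this->data[$id] = [];
        return $id;
    }

    public function set(string $id, string $key, $value): void { $this->data[$id][$key] = $value; }
    public function all(string $id): array { return $this->data[$id] ?? []; }

    // New id, attributes carried over: appropriate on login, where the id
    // must change (session fixation) but anonymous state may be kept.
    public function migrate(string $id): string
    {
        $new = $this->start();
        $this->data[$new] = $this->data[$id] ?? [];
        unset($this->data[$id]);
        return $new;
    }

    // New id, attributes discarded: what a logout needs.
    public function invalidate(string $id): string
    {
        unset($this->data[$id]);
        return $this->start();
    }
}

// Returns the attributes the next visitor on the same browser inherits.
function leftoverAfterLogout(bool $migrateOnLogout): array
{
    $store = new SessionStore();
    $sid = $store->migrate($store->start());        // login: migrate as expected
    $store->set($sid, 'user_id', 14);               // constructed sample data
    $store->set($sid, 'draft', 'internal note');    // constructed sample data
    $sid = $migrateOnLogout ? $store->migrate($sid) : $store->invalidate($sid);
    return $store->all($sid);
}

var_dump(leftoverAfterLogout(true));   // logout implemented as migrate
var_dump(leftoverAfterLogout(false));  // logout implemented as invalidate
```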
