{"id":"PYSEC-2022-43135","details":"FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges.","aliases":["CVE-2022-25510","GHSA-f897-875p-23x7"],"modified":"2024-11-25T22:42:25.732524Z","published":"2022-03-11T00:15:00Z","references":[{"type":"REPORT","url":"https://github.com/FreeTAKTeam/FreeTakServer/issues/292"}],"affected":[{"package":{"name":"freetakserver","ecosystem":"PyPI","purl":"pkg:pypi/freetakserver"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.9.8.5"}]}],"versions":["0.0.1.5","0.1.0","0.1.1","0.1.1.0.1","0.1.1.0.2","0.1.1.0.3","0.1.2","0.1.3","0.1.3.9.4","0.1.4","0.1.5","0.1.5.1","0.1.5.2","0.1.5.3","0.1.5.4","0.1.5.5","0.1.5.5.1","0.1.5.5.2","0.1.5.6","0.1.5.7","0.1.5.8","0.1.6","0.1.7.3","0.1.8","0.1.8.1","0.1.9","0.1.9.1","0.1.9.1.5","0.1.9.2","0.1.9.2.5","0.1.9.5.6","0.1.9.8.5","0.1.9.9.1","0.1.9.9.5.5","0.111","0.112","0.2.0.11a0","0.2.0.13","0.2.0.17b0","0.2.1.0","0.2.1.1","0.2.1.2","0.2.1a1","0.2a1","0.8.13","0.8.19","0.8.19.6","0.8.19.6.1","0.8.19.6.2","0.8.19.6.3","0.8.20","0.8.20.1","0.8.21","0.8.22","0.8.23","0.8.50","0.8.50.1","0.8.75","0.8.75.1","0.8.76","0.9.9","0.9.9.1","0.9.9.2","1.0.3","1.1","1.1.1","1.1.2","1.2","1.2.0.1","1.2.0.2","1.2.5","1.3","1.3.0.5","1.3.0.6","1.5.10","1.5.10.1","1.5.10.2","1.5.12","1.7.1","1.7.5","1.8","1.8.1","1.9","1.9.1","1.9.1.5","1.9.5","1.9.5.1","1.9.6","1.9.6.1","1.9.7","1.9.8"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/freetakserver/PYSEC-2022-43135.yaml"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}