Devops Loop
Monthly
Session hijacking in IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 allows an authenticated user to impersonate another user because session IDs are not invalidated after they expire (CWE-613). An attacker who obtains or reuses a stale session identifier can act with the victim's identity, producing high confidentiality and integrity impact. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Session hijacking in IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 allows an authenticated user to impersonate another user because session IDs are not invalidated after they expire (CWE-613). An attacker who obtains or reuses a stale session identifier can act with the victim's identity, producing high confidentiality and integrity impact. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.