CherryPy Cookie Session Id Information Disclosure Vulnerability

info
discussion
exploit
solution
references

CherryPy Cookie Session Id Information Disclosure Vulnerability

CherryPy is prone to an information-disclosure vulnerability because it fails to properly validate user access rights before performing certain actions.

Exploiting this issue may allow an attacker to bypass certain security restrictions and obtain potentially sensitive information; other attacks are also possible.

This issue affects CherryPy 2.2.1 and 3.0.2.