CVE-2024-23679

Session Fixation in maven/com.enonic.xp/lib-auth

Identifiers

GHSA-4hrp-m3f2-643j, CVE-2024-23679

Package Slug

maven/com.enonic.xp/lib-auth

Vulnerability

Session Fixation

Description

Enonic XP versions earlier than 7.7.4 are vulnerable to a session fixation issue. A remote, unauthenticated attacker can use prior sessions because session attributes are not invalidated.

Affected Versions

All versions before 7.7.4

Solution

Upgrade to version 7.7.4 or above.

Last Modified

2024-01-30
