GHSA-4hrp-m3f2-643j, CVE-2024-23679
maven/com.enonic.xp/lib-auth
Session Fixation
Enonic XP versions before 7.7.4 are vulnerable to a session fixation issue. A remote, unauthenticated attacker can use prior sessions because session attributes are not invalidated.
All versions before 7.7.4
Upgrade to version 7.7.4 or above.
2024-01-30