CVE-2021-21031

Insufficient Session Expiration in packagist/magento/community-edition

Identifier

CVE-2021-21031

Package Slug

packagist/magento/community-edition

Vulnerability

Insufficient Session Expiration

Description

Magento does not adequately invalidate user sessions. Successful exploitation of this issue could lead to unauthorized access to restricted resources. Access to the admin console is not required for successful exploitation.

Affected Versions

All versions before 2.3.6, all versions starting from 2.4.0 up to 2.4.1

Solution

Upgrade to versions 2.3.6, 2.4.1-p1 or above.

Last Modified

2021-02-18

source