CVE-2021-21032

Insufficient Session Expiration in packagist/magento/community-edition

Identifiers

CVE-2021-21032

Package Slug

packagist/magento/community-edition

Vulnerability

Insufficient Session Expiration

Description

Magento does not adequately invalidate user sessions. Successful exploitation of this issue could lead to unauthorized access to restricted resources. Access to the admin console is not required for successful exploitation.

Affected Versions

All versions before 2.3.6, all versions starting from 2.4.0 up to 2.4.1

Solution

Upgrade to versions 2.3.6, 2.4.1-p1 or above.

Last Modified

2021-02-18
