Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS00aHJwLW0zZjItNjQzas4AA4lt
Session fixation in Enonic XP
Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. An remote and unauthenticated attacker can use prior sessions due to the lack of invalidating session attributes.
Permalink: https://github.com/advisories/GHSA-4hrp-m3f2-643jJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00aHJwLW0zZjItNjQzas4AA4lt
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: 11 months ago
Updated: 10 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-4hrp-m3f2-643j, CVE-2024-23679
References:
- https://github.com/enonic/xp/security/advisories/GHSA-4m5p-5w5w-3jcf
- https://nvd.nist.gov/vuln/detail/CVE-2024-23679
- https://github.com/enonic/xp/issues/9253
- https://github.com/enonic/xp/commit/0189975691e9e6407a9fee87006f730e84f734ff
- https://github.com/enonic/xp/commit/1f44674eb9ab3fbab7103e8d08067846e88bace4
- https://github.com/enonic/xp/commit/2abac31cec8679074debc4f1fb69c25930e40842
- https://github.com/advisories/GHSA-4m5p-5w5w-3jcf
- https://vulncheck.com/advisories/vc-advisory-GHSA-4m5p-5w5w-3jcf
- https://github.com/advisories/GHSA-4hrp-m3f2-643j
Blast Radius: 1.0
Affected Packages
maven:com.enonic.xp:lib-auth
Dependent packages: 1Dependent repositories: 0
Downloads:
Affected Version Ranges: < 7.7.4
Fixed in: 7.7.4
All affected versions:
All unaffected versions: 7.11.0, 7.11.1, 7.11.3, 7.12.0, 7.12.1, 7.12.2, 7.13.0, 7.13.1, 7.13.2, 7.13.3, 7.13.4, 7.13.5, 7.14.0, 7.14.1, 7.14.2, 7.14.3, 7.14.4