Описание
A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The application does not invalidate existing sessions on other devices when a user changes their password, allowing old sessions to persist. This can lead to unauthorized access if an attacker has obtained a session token.
Уязвимые конфигурации
Конфигурация 1Версия до 2.4.0 (исключая)
cpe:2.3:a:chatwoot:chatwoot:*:*:*:*:*:*:*:*
EPSS
Процентиль: 25%
0.00086
Низкий
6.8 Medium
CVSS3
6.8 Medium
CVSS3
Дефекты
CWE-384
Связанные уязвимости
CVSS3: 6.8
github
около 1 года назад
A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The application does not invalidate existing sessions on other devices when a user changes their password, allowing old sessions to persist. This can lead to unauthorized access if an attacker has obtained a session token.
EPSS
Процентиль: 25%
0.00086
Низкий
6.8 Medium
CVSS3
6.8 Medium
CVSS3
Дефекты
CWE-384