VYPR
Unrated severity · NVD Advisory · Published Nov 15, 2024 · Updated Nov 15, 2024

Session Fixation in chatwoot/chatwoot

CVE-2021-3740

Description

A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The application does not invalidate existing sessions on other devices when a user changes their password, allowing old sessions to persist. This can lead to unauthorized access if an attacker has obtained a session token.

Affected products

  • Chatwoot/Chatwoot (2 versions)
    • (no CPE) range: <2.4.0
    • (no CPE) range: unspecified
