Maven package
com.enonic.xp/lib-auth
pkg:maven/com.enonic.xp/lib-auth
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-23679 | Cri | 9.8 | < 7.7.4 | 7.7.4 | Jan 19, 2024 | Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. An remote and unauthenticated attacker can use prior sessions due to the lack of invalidating session attributes. |
- affected < 7.7.4fixed 7.7.4
Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. An remote and unauthenticated attacker can use prior sessions due to the lack of invalidating session attributes.