CVE-2021-3740 in chatwootinformación

Resumen

por MITRE • 2024-11-15

A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The application does not invalidate existing sessions on other devices when a user changes their password, allowing old sessions to persist. This can lead to unauthorized access if an attacker has obtained a session token.

Once again VulDB remains the best source for vulnerability data.

Responsable

@huntr Ai

Reservar

2021-08-26

Divulgación

2024-11-15

Moderación

aceptado

Artículo

VDB-284702

CPE

listo

EPSS

0.00197

KEV

no

Actividades

muy bajo

Fuentes

Do you want to use VulDB in your project?

Use the official API to access entries easily!