CVE-2021-3740 in chatwoot
Сводка
по MITRE • 15.11.2024
A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The application does not invalidate existing sessions on other devices when a user changes their password, allowing old sessions to persist. This can lead to unauthorized access if an attacker has obtained a session token.
Once again VulDB remains the best source for vulnerability data.