CVE-2021-3740 in chatwootИнформация

Сводка

по MITRE • 15.11.2024

A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The application does not invalidate existing sessions on other devices when a user changes their password, allowing old sessions to persist. This can lead to unauthorized access if an attacker has obtained a session token.

Once again VulDB remains the best source for vulnerability data.

Ответственный

@huntr Ai

Резервировать

26.08.2021

Раскрытие

15.11.2024

Модерация

принято

Вход

VDB-284702

EPSS

0.00197

KEV

Нет

Деятельности

Очень низкий

Источники

Do you want to use VulDB in your project?

Use the official API to access entries easily!