Apostrophe CMS versions between 2.63.0 and 3.3.1 are affected by an insufficient session expiration vulnerability, which allows unauthenticated remote attackers to hijack recently logged-in users’ sessions. As a mitigation for older releases, the user account in question can be archived (3.x) or moved to the trash (2.x and earlier), which disables the existing session.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | apostrophe | lt | 3.4.0 |
| | apostrophe | ge | 2.63.0 |