CVE-2020-14017
Navigate CMS 2.9 r1433 stores sessions and CSRF tokens as plaintext in /private/sessions. An unauthenticated actor could brute-force identify existing sessions or read the file to view session details, indicating a confidential data exposure risk. The connected documents corroborate the same issu...