12 matches found
CVE-2024-23679
Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. A remote and unauthenticated attacker can use prior sessions due to the lack of invalidating session attributes...
Duplicate Advisory: Session fixation in Enonic XP
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4m5p-5w5w-3jcf. This link is maintained to preserve external references. Original Description Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. A remote and unauthenticated attacker...
GHSA-4HRP-M3F2-643J Duplicate Advisory: Session fixation in Enonic XP
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4m5p-5w5w-3jcf. This link is maintained to preserve external references. Original Description Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. A remote and unauthenticated attacker...
CVE-2024-23679
Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. A remote and unauthenticated attacker can use prior sessions due to the lack of invalidating session attributes...
CVE-2024-23679
Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. A remote and unauthenticated attacker can use prior sessions due to the lack of invalidating session attributes...
Session fixation
Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. A remote and unauthenticated attacker can use prior sessions due to the lack of invalidating session attributes...
CVE-2024-23679 Enonic XP Session Fixation Vulnerability
Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. A remote and unauthenticated attacker can use prior sessions due to the lack of invalidating session attributes...
CVE-2024-23679
Affected software: Enonic XP
CVE-2024-23679 Enonic XP Session Fixation Vulnerability
Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. A remote and unauthenticated attacker can use prior sessions due to the lack of invalidating session attributes...
Enonic XP License Issues Vulnerability
Enonic XP is a free and open source web application platform and content management system based on Java and Elasticsearch from Enonic, Inc. A security vulnerability exists in Enonic XP versions prior to 7.7.4 that stems from the lack of an invalid session attribute. An attacker exploiting the...
PT-2022-28162 · Enonic · Enonic Xp
Name of the Vulnerable Software and Affected Versions: Enonic XP versions less than 7.7.4 Description: The issue is a session fixation problem that allows a remote and unauthenticated attacker to use prior sessions due to the lack of invalidating session attributes. This affects all id-providers...
Enonic XP: source code security analysis report
Several vulnerabilities were discovered in Enonic AS 'Enonic XP' software: Leakage of user data between sessions; Use of XSL transformation to execute arbitrary code; Missing verification of the digital signature of executable files obtained from untrusted sources; HttpOnly...