CVE-2023-31139 DHIS2 Core unrestricted session cookies with Personal Access Tokens

DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.37 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, Personal Access Tokens PATs generate unrestricted session cookies. This may lead to a bypass of other access...