CVE-2022-2306

Old session tokens can be used to authenticate to the application and send authenticated requests.