CVE-2021-3740
Session Fixation in chatwoot/chatwoot
A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The application does not invalidate existing sessions on other devices when a user changes their password, allowing old sessions to persist. This can lead to unauthorized access if an attacker has obtained a session token.
CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Productos afectados
chatwoot · chatwoot/chatwoot¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →