- Risk: low
- CVSS v3 Base Score: 3.9
- CVSS v3 Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
- CWE ID: CWE-384
- CWE Name: Session Fixation
- CVE: CVE-2021-35948
Description
The session cookies were not reset after authenticating for public links.
Affected
- core < 10.8.0
Action taken
Regenerate the session cookies after successful authentication