Contact
Search Get started

Session fixation on public links

Aug 2, 2021

  • Risk: low
  • CVSS v3 Base Score: 3.9
  • CVSS v3 Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
  • CWE ID: CWE-384
  • CWE Name: Session Fixation
  • CVE: CVE-2021-35948

Description

The session cookies were not reset after authenticating for public links.

Affected

  • core < 10.8.0

Action taken

Regenerate the session cookies after successful authentication