CVE-2024-23679: com.enonic.xp:lib-auth vulnerable to Session Fixation
(updated )
All id-providers using lib-auth login method.
References
- github.com/advisories/GHSA-4m5p-5w5w-3jcf
- github.com/enonic/xp
- github.com/enonic/xp/commit/0189975691e9e6407a9fee87006f730e84f734ff
- github.com/enonic/xp/commit/1f44674eb9ab3fbab7103e8d08067846e88bace4
- github.com/enonic/xp/commit/2abac31cec8679074debc4f1fb69c25930e40842
- github.com/enonic/xp/issues/9253
- github.com/enonic/xp/security/advisories/GHSA-4m5p-5w5w-3jcf
- nvd.nist.gov/vuln/detail/CVE-2024-23679
- vulncheck.com/advisories/vc-advisory-GHSA-4m5p-5w5w-3jcf
Code Behaviors & Features
Detect and mitigate CVE-2024-23679 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →