CVE-2023-24477

MEDIUM Year: 2023
CVSS v3 Score
7.0
High
Weakness Type
CWE-384
View all →

Vulnerability Description

In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout. Thus an authenticated local attacker may gain acces to the original user's session.

Related Vulnerabilities

CVE-2016-6043

HIGH
CVSS:7.0(High)

Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced.

CWE-3842016

CVE-2022-24781

HIGH
CVSS:7.1(High)

Geon is a board game based on solving questions about the Pythagorean Theorem. Malicious users can obtain the uuid from other users, spoof that uuid through the browser console and become co-owners of...

CWE-3842022

CVE-2024-30262

HIGH
CVSS:7.1(High)

Contao is an open source content management system. Prior to version 4.13.40, when a frontend member changes their password in the personal data or the password lost module, the corresponding remember...

CWE-3842024

CVE-2024-56529

HIGH
CVSS:7.1(High)

Mailcow through 2024-11b has a session fixation vulnerability in the web panel. It allows remote attackers to set a session identifier when HSTS is disabled on a victim's browser. After a user logs in...

CWE-3842024

CVE-2024-7341

HIGH
CVSS:7.1(High)

A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin optio...

CWE-3842024

CVE-2018-1492

MEDIUM
CVSS:6.8(Medium)

IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session. IBM X-Force ID: ...

CWE-3842018