Security Advisory

CVE-2021-3740

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-11-15 10:57:09

Last updated 2024-11-15 19:03:09

Assigner @huntr_ai

State PUBLISHED

Description

A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The application does not invalidate existing sessions on other devices when a user changes their password, allowing old sessions to persist. This can lead to unauthorized access if an attacker has obtained a session token.

← Browse all CVEs View on cve.org ↗