Security Advisory

CVE-2024-29070

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-07-23 08:13:41

Last updated 2024-09-13 17:04:30

Assigner apache

State PUBLISHED

Description

On versions before 2.1.4, session is not invalidated after logout. When the user logged in successfully, the Backend service returns "Authorization" as the front-end authentication credential. "Authorization" can still initiate requests and access data even after logout. Mitigation: all users should upgrade to 2.1.4

← Browse all CVEs View on cve.org ↗