CVE-2024-23679: com.enonic.xp:lib-auth vulnerable to Session Fixation

Severity: Critical

CVSS Score: 9.8

Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. An remote and unauthenticated attacker can use prior sessions due to the lack of invalidating session attributes.