CVE-2021-3740

CVSS V2 None CVSS V3 None

Description

A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The application does not invalidate existing sessions on other devices when a user changes their password, allowing old sessions to persist. This can lead to unauthorized access if an attacker has obtained a session token.

Overview

CVE ID
CVE-2021-3740

Assigner
@huntr_ai

Vulnerability Status
PUBLISHED

Published Version
2024-11-15T10:57:09.236Z

Last Modified Date
2024-11-15T19:03:09.228Z

Weakness Enumerations

CWE	URL
CWE-384	http://cwe.mitre.org/data/definitions/384.html

References

Reference URL	Reference Tags
https://huntr.com/bounties/1625470476437-chatwoot/chatwoot
https://github.com/chatwoot/chatwoot/commit/6fdd4a29969be8423f31890b807d27d13627c50c

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2021-3740
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3740

History

Created	Old Value	New Value	Data Type	Notes
2024-11-16 12:04:09				Added to TrackCVE