Vulnerability Details CVE-2024-23679
Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. A remote, unauthenticated attacker can use prior sessions because session attributes are not invalidated.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.7%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2024-23679
- cpe:2.3:a:enonic:xp:5.0.0
- cpe:2.3:a:enonic:xp:5.0.1
- cpe:2.3:a:enonic:xp:5.1.0
- cpe:2.3:a:enonic:xp:5.2.0
- cpe:2.3:a:enonic:xp:5.3.0
- cpe:2.3:a:enonic:xp:5.3.1
- cpe:2.3:a:enonic:xp:6.0.0
- cpe:2.3:a:enonic:xp:6.1.0
- cpe:2.3:a:enonic:xp:6.1.1
- cpe:2.3:a:enonic:xp:6.10.0
- cpe:2.3:a:enonic:xp:6.10.1
- cpe:2.3:a:enonic:xp:6.10.2
- cpe:2.3:a:enonic:xp:6.10.3
- cpe:2.3:a:enonic:xp:6.11.0
- cpe:2.3:a:enonic:xp:6.11.1
- cpe:2.3:a:enonic:xp:6.12.0
- cpe:2.3:a:enonic:xp:6.12.1
- cpe:2.3:a:enonic:xp:6.12.2
- cpe:2.3:a:enonic:xp:6.12.3
- cpe:2.3:a:enonic:xp:6.13.0
- cpe:2.3:a:enonic:xp:6.13.1
- cpe:2.3:a:enonic:xp:6.14.0
- cpe:2.3:a:enonic:xp:6.14.1
- cpe:2.3:a:enonic:xp:6.14.2
- cpe:2.3:a:enonic:xp:6.14.3
- cpe:2.3:a:enonic:xp:6.15.0
- cpe:2.3:a:enonic:xp:6.15.1
- cpe:2.3:a:enonic:xp:6.15.10
- cpe:2.3:a:enonic:xp:6.15.11
- cpe:2.3:a:enonic:xp:6.15.12
- cpe:2.3:a:enonic:xp:6.15.13
- cpe:2.3:a:enonic:xp:6.15.2
- cpe:2.3:a:enonic:xp:6.15.3
- cpe:2.3:a:enonic:xp:6.15.4
- cpe:2.3:a:enonic:xp:6.15.5
- cpe:2.3:a:enonic:xp:6.15.6
- cpe:2.3:a:enonic:xp:6.15.7
- cpe:2.3:a:enonic:xp:6.15.8
- cpe:2.3:a:enonic:xp:6.15.9
- cpe:2.3:a:enonic:xp:6.2.0
- cpe:2.3:a:enonic:xp:6.2.1
- cpe:2.3:a:enonic:xp:6.3.0
- cpe:2.3:a:enonic:xp:6.3.1
- cpe:2.3:a:enonic:xp:6.4.0
- cpe:2.3:a:enonic:xp:6.4.1
- cpe:2.3:a:enonic:xp:6.4.2
- cpe:2.3:a:enonic:xp:6.4.3
- cpe:2.3:a:enonic:xp:6.5.0
- cpe:2.3:a:enonic:xp:6.5.1
- cpe:2.3:a:enonic:xp:6.5.2
- cpe:2.3:a:enonic:xp:6.5.3
- cpe:2.3:a:enonic:xp:6.5.4
- cpe:2.3:a:enonic:xp:6.6.0
- cpe:2.3:a:enonic:xp:6.6.1
- cpe:2.3:a:enonic:xp:6.6.2
- cpe:2.3:a:enonic:xp:6.7.0
- cpe:2.3:a:enonic:xp:6.7.1
- cpe:2.3:a:enonic:xp:6.7.2
- cpe:2.3:a:enonic:xp:6.7.3
- cpe:2.3:a:enonic:xp:6.8.0
- cpe:2.3:a:enonic:xp:6.8.1
- cpe:2.3:a:enonic:xp:6.9.0
- cpe:2.3:a:enonic:xp:6.9.1
- cpe:2.3:a:enonic:xp:6.9.2
- cpe:2.3:a:enonic:xp:6.9.3
- cpe:2.3:a:enonic:xp:6.9.4
- cpe:2.3:a:enonic:xp:7.0.0
- cpe:2.3:a:enonic:xp:7.0.1
- cpe:2.3:a:enonic:xp:7.0.2
- cpe:2.3:a:enonic:xp:7.0.3
- cpe:2.3:a:enonic:xp:7.1.0
- cpe:2.3:a:enonic:xp:7.1.1
- cpe:2.3:a:enonic:xp:7.1.2
- cpe:2.3:a:enonic:xp:7.1.3
- cpe:2.3:a:enonic:xp:7.2.0
- cpe:2.3:a:enonic:xp:7.2.1
- cpe:2.3:a:enonic:xp:7.2.2
- cpe:2.3:a:enonic:xp:7.2.3
- cpe:2.3:a:enonic:xp:7.2.4
- cpe:2.3:a:enonic:xp:7.3.0
- cpe:2.3:a:enonic:xp:7.3.1
- cpe:2.3:a:enonic:xp:7.3.2
- cpe:2.3:a:enonic:xp:7.4.0
- cpe:2.3:a:enonic:xp:7.4.1
- cpe:2.3:a:enonic:xp:7.5.0
- cpe:2.3:a:enonic:xp:7.6.0
- cpe:2.3:a:enonic:xp:7.6.1
- cpe:2.3:a:enonic:xp:7.7.0
- cpe:2.3:a:enonic:xp:7.7.1
- cpe:2.3:a:enonic:xp:7.7.2
- cpe:2.3:a:enonic:xp:7.7.3
- cpe:2.3:a:enonic:xp:7.8.0