Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. An remote and unauthenticated attacker can use prior sessions due to the lack of invalidating session attributes.
{ "nvd_published_at": "2024-01-19T21:15:10Z", "cwe_ids": [ "CWE-384" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2024-01-29T22:30:31Z" }