CVE-2024-23679
Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. An remote and unauthenticated attacker can use prior sessions due to the lack of invalidating session attributes.
| Software | From | Fixed in |
|---|---|---|
| enonic / xp | - | 7.7.4 |
| enonic / xp | 7.8.0-rc2 | 7.8.0-rc2.x |
| enonic / xp | 7.8.0-rc3 | 7.8.0-rc3.x |
| enonic / xp | 7.8.0-beta1 | 7.8.0-beta1.x |
| enonic / xp | 7.8.0-beta2 | 7.8.0-beta2.x |
| enonic / xp | 7.8.0-beta3 | 7.8.0-beta3.x |
| enonic / xp | 7.8.0-rc1 | 7.8.0-rc1.x |
com.enonic.xp / lib-auth
|
- | 7.7.4 |
- https://github.com/advisories/GHSA-4m5p-5w5w-3jcf
- https://github.com/enonic/xp/commit/0189975691e9e6407a9fee87006f730e84f734ff
- https://github.com/enonic/xp/commit/1f44674eb9ab3fbab7103e8d08067846e88bace4
- https://github.com/enonic/xp/commit/2abac31cec8679074debc4f1fb69c25930e40842
- https://github.com/enonic/xp/issues/9253
- https://github.com/enonic/xp/security/advisories/GHSA-4m5p-5w5w-3jcf
- https://vulncheck.com/advisories/vc-advisory-GHSA-4m5p-5w5w-3jcf
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime