Description
An insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, and in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can append an arbitrary session ID that will not be invalidated by subsequent authentication.
Remediation
References