Description
An insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10 and Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can leverage a guest session ID value following a successful login to gain access to the customer account index page.
Remediation
References
Related Vulnerabilities
Jenkins Insufficient Session Expiration Vulnerability (CVE-2019-1003049)
Lighttpd Other Vulnerability (CVE-2007-3947)
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Cross-Site Scripting (1.5.22)
MySQL CVE-2019-2530 Vulnerability (CVE-2019-2530)
WordPress Plugin Advanced Text Widget 'page' Parameter Cross-Site Scripting (2.0.0)