Description
Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can leverage a guest session id value following a successful login to gain access to customer account index page.
Remediation
References
Related Vulnerabilities
WordPress Plugin Contact Form 7 Cross-Site Scripting (4.0.1)
Oracle HTTP Server NULL Pointer Dereference Vulnerability (CVE-2020-1967)
WordPress Plugin WP Private Message Insecure Direct Object Reference (1.0.5)
WordPress Plugin LearnPress-WordPress LMS Multiple Cross-Site Scripting Vulnerabilities (4.1.3)