CVE-2021-3740

Published Nov 15, 2024

Last updated a day ago

CVSS medium 6.8

Overview

Description: A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The application does not invalidate existing sessions on other devices when a user changes their password, allowing old sessions to persist. This can lead to unauthorized access if an attacker has obtained a session token.
Source: security@huntr.dev
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.8
Impact score: 5.9
Exploitability score: 0.9
Vector string: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Severity: MEDIUM

CVSS 3.0

Type: Secondary
Base score: 6.8
Impact score: 5.9
Exploitability score: 0.9
Vector string: CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Severity: MEDIUM

Weaknesses

security@huntr.dev: CWE-384

Hype score: Not currently trending

References