CVE-2024-23590

CWE-3844 documents4 sources

Severity

9.1CRITICAL

EPSS

0.3%

top 44.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Kylin Apache Kylin

Timeline

PublishedNov 4

Description

Session Fixation vulnerability in Apache Kylin. This issue affects Apache Kylin: from 2.0.0 through 4.x. Users are recommended to upgrade to version 5.0.0 or above, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

▶NVDapache/kylin2.0.0 — 5.0.0

▶Mavenorg.apache.kylin:kylin2.0.0 — 5.0.0

▶CVEListV5apache_software_foundation/apache_kylin2.0.0 — 5.0.0

🔴Vulnerability Details

OSV

Apache Kylin Session Fixation vulnerability↗2024-11-04

▶

GHSA

Apache Kylin Session Fixation vulnerability↗2024-11-04

▶

CVEList

Apache Kylin: Session fixation in web interface↗2024-11-04

▶