CVE-2024-10318MEDIUMCVSS 5.1fixed in 2024-10-24·≥ fa1ad160e2637d1d583611124478039170d726ab, < 133504f4fd9f72f3e36668f9f2f3d32a86fcb2692024-11-06
CVE-2024-10318 [MEDIUM] CWE-384 CVE-2024-10318: A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where
A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an attacker-controlled account. As a result, although the attacker cannot log in as the victim, they can force the session to associate it with the attacke
cvelistv5nvd