CVE-2024-23590
CVSS 3.1 Score 9.1 of 10 (high)
Details
Published Nov 4, 2024
Updated: Nov 5, 2024
CWE ID 384
Summary
CVE-2024-23590 is a session fixation vulnerability in Apache Kylin that affects versions 2.0.0 through 4.x. An attacker can exploit it to gain unauthorized access to user sessions by manipulating session IDs. To mitigate this threat, users are advised to upgrade to version 5.0.0 or above, which includes the patch that resolves the vulnerability.
Affected Products
- Apache Kylin
Affected Vendors
- Apache Software Foundation