{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T15:21:56.903","vulnerabilities":[{"cve":{"id":"CVE-2021-3740","sourceIdentifier":"security@huntr.dev","published":"2024-11-15T11:15:04.987","lastModified":"2025-07-10T16:31:02.063","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The application does not invalidate existing sessions on other devices when a user changes their password, allowing old sessions to persist. This can lead to unauthorized access if an attacker has obtained a session token."},{"lang":"es","value":"Existe una vulnerabilidad de fijación de sesión en las versiones de chatwoot/chatwoot anteriores a la 2.4.0. La aplicación no invalida las sesiones existentes en otros dispositivos cuando un usuario cambia su contraseña, lo que permite que las sesiones antiguas persistan. Esto puede provocar un acceso no autorizado si un atacante ha obtenido un token de sesión."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-384"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:chatwoot:chatwoot:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.0","matchCriteriaId":"E505E965-7648-4B41-A674-9E6ABB68D080"}]}]}],"references":[{"url":"https://github.com/chatwoot/chatwoot/commit/6fdd4a29969be8423f31890b807d27d13627c50c","source":"security@huntr.dev","tags":["Patch"]},{"url":"https://huntr.com/bounties/1625470476437-chatwoot/chatwoot","source":"security@huntr.dev","tags":["Broken Link"]}]}}]}