{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-29T15:04:17.524","vulnerabilities":[{"cve":{"id":"CVE-2024-23679","sourceIdentifier":"disclosure@vulncheck.com","published":"2024-01-19T21:15:10.073","lastModified":"2026-06-17T07:13:22.293","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. A remote and unauthenticated attacker can use prior sessions because session attributes are not invalidated."},{"lang":"es","value":"Las versiones de Enonic XP inferiores a 7.7.4 son vulnerables a un problema de fijación de sesión. Un atacante remoto y no autenticado puede utilizar sesiones anteriores debido a que no se invalidan los atributos de sesión."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"com.enonic.xp:lib-auth","versions":[{"version":"0","lessThan":"7.7.4","versionType":"maven","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impact
Score":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-05-09T23:34:29.069781Z","id":"CVE-2024-23679","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-384"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-384"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enonic:xp:*:*:*:*:*:*:*:*","versionEndExcluding":"7.7.4","matchCriteriaId":"3FC6521F-C0B8-4FE8-BE06-FAB57CFFE61A"},{"vulnerable":true,"criteria":"cpe:2.3:a:enonic:xp:7.8.0:beta1:*:*:*:*:*:*","matchCriteriaId":"0231ECC2-744B-4441-942B-514C943F7294"},{"vulnerable":true,"criteria":"cpe:2.3:a:enonic:xp:7.8.0:beta2:*:*:*:*:*:*","matchCriteriaId":"DD92F3AC-0C60-4588-B5DE-3488F7B38C18"},{"vulnerable":true,"criteria":"cpe:2.3:a:enonic:xp:7.8.0:beta3:*:*:*:*:*:*","matchCriteriaId":"7B807EF9-DADE-4C67-8AAF-E29C70D8D32F"},{"vulnerable":true,"criteria":"cpe:2.3:a:enonic:xp:7.8.0:rc1:*:*:*:*:*:*","matchCriteriaId":"0BB4FF1C-13D7-4385-A4EB-27750E88AE3B"},{"vulnerable":true,"criteria":"cpe:2.3:a:enonic:xp:7.8.0:rc2:*:*:*:*:*:*","matchCriteriaId":"890C984E-B1AD-4213-B355-DB26E6B1BE8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:enonic:xp:7.8.0:rc3:*:*:*:*:*:*","matchCriteriaId":"E156CC35-DC76-463E-8882-86C36814976E"}]}]}],"references":[{"url":"https://github.com/advisories/GHSA-4m5p-5w5w-3jcf","source":"disclosure@vulncheck.com","tags":["Third Party 
Advisory"]},{"url":"https://github.com/enonic/xp/commit/0189975691e9e6407a9fee87006f730e84f734ff","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://github.com/enonic/xp/commit/1f44674eb9ab3fbab7103e8d08067846e88bace4","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://github.com/enonic/xp/commit/2abac31cec8679074debc4f1fb69c25930e40842","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://github.com/enonic/xp/issues/9253","source":"disclosure@vulncheck.com","tags":["Issue Tracking"]},{"url":"https://github.com/enonic/xp/security/advisories/GHSA-4m5p-5w5w-3jcf","source":"disclosure@vulncheck.com","tags":["Patch","Vendor Advisory"]},{"url":"https://vulncheck.com/advisories/vc-advisory-GHSA-4m5p-5w5w-3jcf","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://github.com/advisories/GHSA-4m5p-5w5w-3jcf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/enonic/xp/commit/0189975691e9e6407a9fee87006f730e84f734ff","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/enonic/xp/commit/1f44674eb9ab3fbab7103e8d08067846e88bace4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/enonic/xp/commit/2abac31cec8679074debc4f1fb69c25930e40842","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/enonic/xp/issues/9253","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://github.com/enonic/xp/security/advisories/GHSA-4m5p-5w5w-3jcf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://vulncheck.com/advisories/vc-advisory-GHSA-4m5p-5w5w-3jcf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}