CVE Vulnerabilities

CVE-2024-23590

Session Fixation

Published: Nov 04, 2024 | Modified: Jul 10, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Session Fixation vulnerability in Apache Kylin.

This issue affects Apache Kylin: from 2.0.0 through 4.x.

Users are recommended to upgrade to version 5.0.0 or above, which fixes the issue.

Weakness

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

Affected Software

Name Vendor Start Version End Version
Kylin Apache 2.0.0 (including) 5.0.0 (excluding)

Extended Description

Such a scenario is commonly observed when:

Potential Mitigations

References