Description
In Eclipse Jetty versions 9.4.0 through 9.4.8, when the optional Jetty-provided FileSessionDataStore is used for persistent storage of HttpSession details, a malicious user can access or hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore.
Remediation
References