Description
An insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10 and Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate the session validation setting for a storefront, which leads to insecure authentication and session management.
Remediation
References