Description
An insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10 and Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate the session validation settings for a storefront, which leads to insecure authentication and session management.
Remediation
References
Related Vulnerabilities
WordPress Plugin DP Maintenance Mode Lite Cross-Site Scripting (1.3.2)
PHP Other Vulnerability (CVE-2002-2214)
phpMyAdmin Other Vulnerability (CVE-2004-2632)
WordPress Plugin WP Social Feed Gallery Unspecified Vulnerability (2.1.1)
MediaWiki Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-35624)