Description
An insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can leverage a guest session ID value following a successful login to gain access to the customer account index page.
Remediation
References
Related Vulnerabilities
GlassFish CVE-2017-10391 Vulnerability (CVE-2017-10391)
SharePoint CVE-2021-31948 Vulnerability (CVE-2021-31948)
WordPress Plugin 301 Redirects-Easy Redirect Manager Cross-Site Request Forgery (2.72)
WordPress Plugin Open Graph for Facebook, Google+ and Twitter Card Tags Cross-Site Scripting (2.2.4)