Description
An insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10 and Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can leverage a guest session ID value following a successful login to gain access to the customer account index page.
Remediation
References
Related Vulnerabilities
Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-1806)
MySQL CVE-2018-3058 Vulnerability (CVE-2018-3058)
Dolphin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-3167)
PHP Out-of-bounds Read Vulnerability (CVE-2019-11042)
WordPress Plugin Advanced Advertising System PHP Object Injection (1.3.1)