CVE-2024-23590

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Nov 4, 2024

Updated: Nov 5, 2024

CWE ID 384

Summary

CVE-2024-23590 is a session fixation vulnerability that has been identified in Apache Kylin. This issue puts affected versions of Apache Kylin, specifically those from 2.0.0 through 4.x, at risk. Hackers can exploit this vulnerability to gain unauthorized access to user sessions by manipulating session IDs. To mitigate this threat, users are advised to upgrade to the latest version, 5.0.0 or above, which includes the necessary patch to resolve the vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Apache Kylin

Affected Vendors

Apache Software Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uMFG-t
https://www.cve.org/CVERecord?id=CVE-2024-23590
https://nvd.nist.gov/vuln/detail/CVE-2024-23590

Back to Vulnerability Database