This security bulletin contains one medium risk vulnerability.
CWE-384 - Session Fixation
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because the session is regenerated instead of being closed when a user logs in or logs out. A remote attacker can gain access to the session.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
strapi: 4.0.0 - 4.2.3
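A check to support the mitigation above, added here as an example and not part of the original bulletin: it scans a parsed package-lock.json for Strapi installs inside the listed range 4.0.0 - 4.2.3. The package names `@strapi/strapi` and `strapi`, the function names, and the sample lockfile are assumptions constructed for illustration.

```javascript
// Affected range from the bulletin: strapi 4.0.0 - 4.2.3 (inclusive).
const AFFECTED = { min: [4, 0, 0], max: [4, 2, 3] };
// Assumption: npm package names under which Strapi may appear in a lockfile.
const NAMES = ["@strapi/strapi", "strapi"];

// Accepts "4.2.3", "v4.2.3", "4.2.3-beta.1"; pre-release tags are dropped (over-reports rather than misses).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$/.exec(String(v).trim());
  return m ? m.slice(1, 4).map(Number) : null;
}
function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}
function isAffected(version) {
  const p = parseVersion(version);
  return p !== null && compare(p, AFFECTED.min) >= 0 && compare(p, AFFECTED.max) <= 0;
}

// Lockfile v2/v3 lists installs under "packages", keyed by install path;
// lockfile v1 nests them by name under "dependencies".
function findStrapi(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      const name = path.split("node_modules/").pop();
      if (NAMES.includes(name) && meta.version) hits.push({ where: path, version: meta.version });
    }
  } else {
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const where = trail + " > " + name;
        if (NAMES.includes(name) && meta.version) hits.push({ where, version: meta.version });
        walk(meta.dependencies, where);
      }
    };
    walk(lock.dependencies, "root");
  }
  return hits.map((h) => ({ ...h, affected: isAffected(h.version) }));
}

// Constructed sample lockfile (not taken from a real project).
const SAMPLE_LOCK = { lockfileVersion: 2, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/@strapi/strapi": { version: "4.2.3" },
  "node_modules/demo-plugin/node_modules/@strapi/strapi": { version: "4.3.0" },
  "node_modules/koa": { version: "2.13.4" },
} };
console.log(findStrapi(SAMPLE_LOCK));
```

Nested copies matter here: a plugin can pin its own Strapi version, so every hit is reported with its install path rather than only the top-level one.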
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?