
CVE-2024-23679: CWE-384 Session Fixation

Severity: Critical
Type: Vulnerability. Tags: cve, cve-2024-23679, cwe-384
Published: Fri Jan 19 2024 (01/19/2024, 20:23:03 UTC)
Source: CVE Database V5

Description

Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. A remote and unauthenticated attacker can use prior sessions due to the lack of invalidating session attributes.

AI-Powered Analysis

Last updated: 07/08/2025, 17:13:02 UTC

Technical Analysis

CVE-2024-23679 is a critical session fixation vulnerability affecting Enonic XP versions prior to 7.7.4. The vulnerability is classified under CWE-384, which pertains to session fixation issues. In this case, the Enonic XP platform does not properly invalidate or regenerate session identifiers upon user authentication or session attribute changes. This flaw allows a remote, unauthenticated attacker to fixate a session identifier and then hijack the session once the victim authenticates, effectively gaining unauthorized access with the victim's privileges. The vulnerability has a CVSS v3.1 base score of 9.8, indicating a critical severity with network attack vector, low attack complexity, no privileges required, and no user interaction needed. The impact affects confidentiality, integrity, and availability (all rated high), meaning an attacker can fully compromise user sessions, potentially accessing sensitive data, performing unauthorized actions, or disrupting services. Although no known exploits are currently reported in the wild, the ease of exploitation and critical impact make this a significant threat. Enonic XP is a web content management and application platform, often used by organizations for building websites and digital services, making the vulnerability relevant to any deployment of affected versions.

Potential Impact

For European organizations using Enonic XP versions below 7.7.4, this vulnerability poses a severe risk. Attackers can remotely hijack user sessions without authentication or user interaction, leading to unauthorized access to sensitive information, manipulation of web content, or disruption of digital services. This can result in data breaches, loss of customer trust, regulatory non-compliance (e.g., GDPR violations), and operational downtime. Given the critical CVSS score and the nature of session fixation, attackers could target administrative or privileged user sessions, amplifying the damage. Organizations in sectors such as government, finance, healthcare, and e-commerce that rely on Enonic XP for their web presence or internal portals are particularly vulnerable. The lack of known exploits in the wild does not diminish the urgency, as the vulnerability is straightforward to exploit remotely.

Mitigation Recommendations

European organizations should immediately assess their Enonic XP deployments and upgrade to version 7.7.4 or later, where the session fixation issue is resolved. If immediate upgrading is not feasible, implement compensating controls such as enforcing strict session management policies, including regenerating session IDs upon login, setting secure and HttpOnly flags on cookies, and limiting session lifetimes. Web application firewalls (WAFs) can be configured to detect and block suspicious session fixation attempts. Additionally, monitor logs for unusual session behaviors and educate users about the risks of session hijacking. Regularly audit and test session management mechanisms to ensure compliance with security best practices. Organizations should also review their incident response plans to quickly address any potential exploitation attempts.
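The core compensating control named above, regenerating the session identifier at login, as an added example that is not Enonic XP's code and does not model its internals: a constructed in-memory session store with a fixation-prone login beside a hardened one, a check that reports whether a pre-authentication id still resolves to the authenticated session, and a Set-Cookie value carrying the flags the text lists (the cookie name SESSIONID is an assumption).

```python
import secrets


class SessionStore:
    """Constructed in-memory session table keyed by session id (not Enonic XP's real store)."""

    def __init__(self):
        self.sessions = {}

    def create(self):
        sid = secrets.token_urlsafe(32)  # unguessable id; fixation does not need guessing, it needs reuse
        self.sessions[sid] = {}
        return sid

    def get(self, sid):
        return self.sessions.get(sid)


def login_vulnerable(store, presented_sid, user):
    """Fixation-prone pattern: authenticate into whatever session id the client presented."""
    sess = store.get(presented_sid)
    if sess is None:
        presented_sid = store.create()
        sess = store.get(presented_sid)
    sess["user"] = user  # the pre-authentication id now carries the authenticated state
    return presented_sid


def login_fixed(store, presented_sid, user):
    """Hardened pattern: invalidate the presented session and issue a fresh id after authentication."""
    store.sessions.pop(presented_sid, None)  # the old id must never resolve to the new session
    new_sid = store.create()
    store.get(new_sid)["user"] = user  # carry over nothing from the pre-authentication session
    return new_sid


def pre_auth_id_still_valid(login):
    """Audit check: does an id issued before login still resolve to the authenticated session?"""
    store = SessionStore()
    pre_auth_sid = store.create()          # id handed out to an anonymous visitor
    login(store, pre_auth_sid, "victim")   # the user authenticates while presenting that id
    sess = store.get(pre_auth_sid)
    return sess is not None and sess.get("user") == "victim"


def session_cookie_header(sid, max_age=1800):
    """Set-Cookie value with Secure and HttpOnly set and a bounded lifetime, as the text recommends."""
    return f"SESSIONID={sid}; Path=/; Max-Age={max_age}; Secure; HttpOnly; SameSite=Lax"
```

The same check can be run against a real deployment by capturing the session cookie before and after login and confirming the pre-login value no longer resolves to an authenticated session.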


Technical Details

Data Version: 5.1
Assigner Short Name: VulnCheck
Date Reserved: 2024-01-19T17:35:09.984Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6839c41d182aa0cae2b4360e

Added to database: 5/30/2025, 2:43:41 PM

Last enriched: 7/8/2025, 5:13:02 PM

Last updated: 8/12/2025, 8:01:47 PM
