CVE-2024-23679: Enonic XP Session Fixation Vulnerability

Weakness CWE-384 · Session fixation
Published January 19, 2024
Last update November 29, 2025

What the vulnerability does

01 Description

Enonic XP versions earlier than 7.7.4 are vulnerable to a session fixation issue. A remote, unauthenticated attacker can use prior sessions because session attributes are not invalidated.

Key dates

02 Disclosure timeline

January 19, 2024 CVE published
November 29, 2025 Record updated