PT-2023-19632 · Google · Google Chrome

Published: 2023-08-09 · Updated: 2024-09-20 · CVE-2023-24477

CVSS v3.1: 7.0 (High)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Guardian/CMC versions prior to 22.6.2

Description: The issue arises under certain conditions, influenced by timing and the usage of the Chrome web browser, where the user session is not always fully invalidated upon logout. This allows an authenticated local attacker to potentially gain access to the original user's session.

Recommendations: For versions prior to 22.6.2, update to version 22.6.2 or later to resolve the issue. As a temporary workaround, consider implementing additional logout validation mechanisms to ensure user sessions are properly terminated. Restrict access to sensitive information and resources to minimize the risk of exploitation until the update can be applied.
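The advisory does not describe the internal mechanism of the defect, only its effect: after logout, the server sometimes still honours the old session. The following is an added illustration, not Guardian/CMC code and not derived from the vendor's fix. It assumes a generic in-memory server-side session store and shows the weak pattern (logout that clears the client cookie but leaves the server record alive) beside a hardened store that removes the record under a lock, together with two checks a defender can run against their own session layer: a plain reuse-after-logout test and a timing test that exercises logout while other requests are in flight. The store classes, the user name "alice" and the timeout value are constructed for this example.

```python
"""Added example (not Guardian/CMC code): server-side session invalidation on logout.

Shows the weak pattern the advisory describes (logout that does not fully
invalidate the server-side session) next to a hardened version, plus checks
that confirm a logged-out session id is rejected, also under concurrency.
The store classes, user names and timeout are constructed for illustration.
"""
import secrets
import threading
import time


class WeakSessionStore:
    """Logout only tells the client to drop its cookie; the server-side
    record survives, so anyone who still holds the old id can use it."""

    def __init__(self):
        self._sessions = {}

    def login(self, user):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "created": time.monotonic()}
        return sid

    def logout(self, sid):
        # Defect: returns a clear-cookie header but never deletes the record.
        return {"Set-Cookie": "session=; Max-Age=0"}

    def resolve(self, sid):
        rec = self._sessions.get(sid)
        return rec["user"] if rec else None


class HardenedSessionStore:
    """Logout removes the server-side record under a lock, so a request that
    races with logout either sees the session before it is gone or not at all.
    An idle timeout bounds the lifetime of sessions that were never logged out."""

    def __init__(self, idle_timeout=900):
        self._sessions = {}
        self._lock = threading.Lock()
        self._idle_timeout = idle_timeout  # seconds, constructed value

    def login(self, user):
        sid = secrets.token_urlsafe(32)
        with self._lock:
            self._sessions[sid] = {"user": user, "last_seen": time.monotonic()}
        return sid

    def logout(self, sid):
        with self._lock:
            self._sessions.pop(sid, None)  # server-side record is gone
        return {"Set-Cookie": "session=; Max-Age=0"}

    def resolve(self, sid):
        now = time.monotonic()
        with self._lock:
            rec = self._sessions.get(sid)
            if rec is None:
                return None
            if now - rec["last_seen"] > self._idle_timeout:
                del self._sessions[sid]  # expire stale session on touch
                return None
            rec["last_seen"] = now
            return rec["user"]


def session_survives_logout(store):
    """Defender's check: log in, log out, then try to reuse the old id.
    Returns True if the store still honours the id (the defect is present)."""
    sid = store.login("alice")
    store.logout(sid)
    return store.resolve(sid) is not None


def logout_race_is_safe(store, workers=8, rounds=50):
    """Timing check: call resolve() from several threads while logout runs.
    Once logout has returned, the id must never resolve again."""
    leaked = 0
    for _ in range(rounds):
        sid = store.login("alice")
        done = threading.Event()

        def spin():
            while not done.is_set():
                store.resolve(sid)

        threads = [threading.Thread(target=spin) for _ in range(workers)]
        for t in threads:
            t.start()
        store.logout(sid)
        if store.resolve(sid) is not None:
            leaked += 1
        done.set()
        for t in threads:
            t.join()
    return leaked == 0


if __name__ == "__main__":
    print("weak store keeps session after logout:", session_survives_logout(WeakSessionStore()))
    print("hardened store keeps session after logout:", session_survives_logout(HardenedSessionStore()))
    print("hardened store safe under logout race:", logout_race_is_safe(HardenedSessionStore()))
```

The same two checks can be pointed at a real application by replacing the store methods with HTTP calls (login, logout, then an authenticated request with the old cookie): if the post-logout request still succeeds, or succeeds intermittently when issued concurrently with logout, the session is not being fully invalidated server-side, which is the condition the workaround above is meant to rule out.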

Fix

Session Fixation

Weakness Enumeration

Related Identifiers

CVE-2023-24477

Affected Products

Google Chrome