PT-2024-10979 · Chatwoot · Chatwoot
Published 2024-11-15 · Updated 2025-07-10 · CVE-2021-3740
CVSS v3.1: 6.8 (Medium)
| Vector | AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
chatwoot/chatwoot versions prior to 2.4.0
Description
A session fixation issue exists: when a user changes their password, the application does not invalidate that user's existing sessions on other devices, so sessions established before the change remain usable. An attacker who has already obtained a valid session token therefore keeps access to the account even after the victim rotates the password, which is precisely the step a user relies on to lock an intruder out.
Recommendations
For versions prior to 2.4.0, update to version 2.4.0 or later. If an upgrade is not immediately possible, make sure that a password change revokes the user's other active sessions instead of only replacing the stored credential, and do not treat a password rotation on its own as sufficient to evict an attacker who already holds a session token.
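To make the flaw and the fix concrete, the Ruby below (Chatwoot is a Rails application) models the behaviour the description and the recommendation above refer to. It is an added example written for this page, not Chatwoot's code or its 2.4.0 patch: the `SessionStore`, the `User` class, the token format and the password hashing are all stand-ins constructed here, and `stale_session_survives?` is the two-device check a tester would run against a real instance.

```ruby
require 'securerandom'
require 'digest'
require 'openssl'

# Constant-time byte comparison so the password check does not leak how many
# leading bytes matched through timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# In-memory stand-in for the application's session/token store (constructed
# for this example, not Chatwoot's store). Only SHA-256 digests of tokens are
# kept, so a leaked store does not hand out usable tokens, and each entry
# records which user and device it belongs to.
class SessionStore
  def initialize
    @sessions = {} # token digest => { user_id:, device: }
  end

  # Issue a fresh random token for a user on a device; returns the raw token.
  def issue(user_id, device)
    token = SecureRandom.hex(32)
    @sessions[digest(token)] = { user_id: user_id, device: device }
    token
  end

  def valid?(token)
    @sessions.key?(digest(token))
  end

  # Revoke every session of the user, optionally keeping one token alive
  # (the session that is performing the password change).
  def revoke_all_for(user_id, except_token: nil)
    keep = except_token && digest(except_token)
    @sessions.delete_if { |d, s| s[:user_id] == user_id && d != keep }
  end

  private

  def digest(token)
    Digest::SHA256.hexdigest(token)
  end
end

class User
  attr_reader :id

  def initialize(id, password)
    @id = id
    @salt = SecureRandom.random_bytes(16)
    @password_hash = hash_password(password)
  end

  def authenticate?(password)
    secure_equal?(@password_hash, hash_password(password))
  end

  # Pre-2.4.0 behaviour as the advisory describes it: the stored credential is
  # replaced, but every previously issued session token stays valid.
  def change_password_vulnerable(_store, current_password, new_password)
    return false unless authenticate?(current_password)
    @password_hash = hash_password(new_password)
    true
  end

  # Hardened behaviour: a successful change also revokes the user's other
  # sessions. The session that made the change is kept so the user is not
  # logged out of the device they are using.
  def change_password_fixed(store, current_password, new_password, current_token)
    return false unless authenticate?(current_password)
    @password_hash = hash_password(new_password)
    store.revoke_all_for(@id, except_token: current_token)
    true
  end

  private

  def hash_password(password)
    OpenSSL::PKCS5.pbkdf2_hmac(password, @salt, 100_000, 32, OpenSSL::Digest.new('SHA256'))
  end
end

# The two-device check a tester would run: an attacker holds a token issued
# earlier (obtained by whatever means), then the victim changes the password
# from another device. Returns true if the attacker's stale token still works.
def stale_session_survives?(fixed:)
  store = SessionStore.new
  old_pw = 'correct horse battery staple'
  new_pw = 'different passphrase after rotation'
  user = User.new(1, old_pw)

  attacker_token = store.issue(user.id, 'attacker-device')
  victim_token = store.issue(user.id, 'victim-laptop')

  changed = if fixed
              user.change_password_fixed(store, old_pw, new_pw, victim_token)
            else
              user.change_password_vulnerable(store, old_pw, new_pw)
            end
  raise 'password change should have succeeded' unless changed
  raise 'victim should stay logged in on the changing device' unless store.valid?(victim_token)
  raise 'old password should no longer authenticate' if user.authenticate?(old_pw)

  store.valid?(attacker_token)
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable: stale token still valid after password change? #{stale_session_survives?(fixed: false)}"
  puts "fixed:      stale token still valid after password change? #{stale_session_survives?(fixed: true)}"
end
```

Run stand-alone, it reports `true` for the vulnerable variant and `false` for the fixed one. Keeping the session that performed the change is a policy choice; revoking it too is stricter and equally acceptable. Any other path that installs a new credential, such as an administrator-driven reset, needs the same revocation step, otherwise the gap the advisory describes simply moves there.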
Fix
Fixed in chatwoot/chatwoot 2.4.0 (see Recommendations).
Weakness Enumeration
Session Fixation (CWE-384)
Related Identifiers
CVE-2021-3740
Affected Products
Chatwoot