NGINX: Session Fixation Vulnerability
by the Hossted team
12.11.2024

In NGINX OpenID Connect versions 1.3.0 to 1.9.2, 1.12.5 and earlier, 2.2.1 to 2.4.2, 3.0.0 to 3.7.0, and 2.5.0 to 2.17.3, a medium-severity vulnerability, CVE-2024-10318, was detected. This vulnerability allows an attacker to fix a victim's session to an attacker-controlled account, which could lead to misuse of the victim's session. Currently, there is no fixed version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-10318.
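Session fixation in an OpenID Connect relying party is prevented by binding the authorization response (state and nonce) to the browser session that started the login and by rotating the session identifier once the user is authenticated. The following is an added example, not code from this advisory or from the NGINX OpenID Connect implementation; the in-memory session store, the helper names and the id_token dict are constructed stand-ins.

```python
# Added example: a minimal OIDC relying-party login flow that resists session fixation.
# The session store and the "verified" id_token dict are constructed stand-ins.
import hmac
import secrets

SESSIONS = {}  # constructed in-memory store: session_id -> {"state", "nonce", "user"}


def start_login():
    """Create a pre-auth session with a state and nonce bound to it.

    Returns (session_id, state, nonce); the caller would put state and nonce into the
    authorization request and send session_id to the browser as a cookie."""
    sid = secrets.token_urlsafe(32)
    state = secrets.token_urlsafe(32)
    nonce = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"state": state, "nonce": nonce, "user": None}
    return sid, state, nonce


def handle_callback(session_id, state, id_token):
    """Finish the login for the browser presenting session_id.

    id_token is a dict standing in for an already signature-verified ID token.
    Returns the new session id on success, or None when the response is not bound
    to this browser's own pre-auth session (the session fixation case)."""
    sess = SESSIONS.get(session_id)
    if sess is None or sess["user"] is not None:
        return None
    # state must equal the value stored in *this* session, not merely any known state
    if not hmac.compare_digest(sess["state"], state):
        return None
    # the nonce inside the ID token must be the one this session put in its request
    if not hmac.compare_digest(sess["nonce"], id_token.get("nonce", "")):
        return None
    # rotate the identifier: a pre-auth session id seen by anyone else is now useless
    del SESSIONS[session_id]
    new_sid = secrets.token_urlsafe(32)
    SESSIONS[new_sid] = {"state": None, "nonce": None, "user": id_token["sub"]}
    return new_sid


def current_user(session_id):
    """Return the authenticated subject for a session id, or None."""
    sess = SESSIONS.get(session_id)
    return sess["user"] if sess else None
```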