{"id":"CVE-2021-34428","details":"For Eclipse Jetty versions \u003c= 9.4.40, \u003c= 10.0.2, \u003c= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in.","aliases":["GHSA-m6cp-vxjx-65j6"],"modified":"2026-04-09T08:05:57.974967Z","published":"2021-06-22T15:15:16.443Z","related":["GHSA-m6cp-vxjx-65j6"],"references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084%40%3Cnotifications.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/ref1c161a1621504e673f9197b49e6efe5a33ce3f0e6d8f1f804fc695%40%3Cjira.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd%40%3Cnotifications.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450%40%3Cissues.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a%40%3Cissues.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec%40%3Cissues.zookeeper.apache.org%3E"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210813-0003/"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-4949"},{"type":"ADVISORY","url":"https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuoct2021.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jetty/jetty.project","events":[{"introduced":"0"},{"last_affected":"b881a572662e1943a14ae12e7e1207989f218b74"},{"introduced":"b9645a17373e4e9b7f30b6c0a07defcea2cb660b"},{"last_affected":"7bd207b30931f3f61d110b1121118fbb5d10cb48"},{"introduced":"432f896d7a4555fcc81f38108757ea0aca8788e6"},{"last_affected":"14ed9a526425785884b34f59e1153fede0ae3552"},{"introduced":"0"},{"last_affected":"b9645a17373e4e9b7f30b6c0a07defcea2cb660b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"9.4.40"},{"introduced":"10.0.0"},{"last_affected":"10.0.2"},{"introduced":"11.0.0"},{"last_affected":"11.0.2"},{"introduced":"0"},{"last_affected":"10.0"}]}}],"versions":["jetty-10.0.0","jetty-10.0.0.beta1","jetty-10.0.2","jetty-11.0.0-alpha0","jetty-11.0.0.beta1","jetty-11.0.0.beta2","jetty-11.0.2","jetty-8.0.0.RC0","jetty-8.1.0.RC0","jetty-9.1.0.M0","jetty-9.1.0.RC0","jetty-9.1.0.RC1","jetty-9.1.0.RC2","jetty-9.1.0.v20131115","jetty-9.1.1.v20140108","jetty-9.1.2.v20140210","jetty-9.1.3.v20140225","jetty-9.1.4.v20140401","jetty-9.2.0.M0","jetty-9.2.0.M1","jetty-9.2.0.RC0","jetty-9.2.0.v20140523","jetty-9.2.0.v20140526","jetty-9.2.1.v20140609","jetty-9.4.10.v20180503","jetty-9.4.12.v20180830","jetty-9.4.13.v20181111","jetty-9.4.14.v20181114","jetty-9.4.15.v20190215","jetty-9.4.2.v20170220","jetty-9.4.26.v20200117","jetty-9.4.27.v20200227","jetty-9.4.28.v20200408","jetty-9.4.32.v20200930","jetty-9.4.36.v20210114","jetty-9.4.37.v20210219","jetty-9.4.39.v20210325","jetty-9.4.40.v20210413","jetty-9.4.6.v20170531"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"11.0"},{"last_affected":"11.70.1"}]},{"events":[{"introduced":"0"},{"last_affected":"21.0.2"}]},{"events":[{"introduced":"0"},{"last_affected":"8.2.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"8.0.0.0"},{"last_affected":"8.2.4.0"}]},{"events":[{"introduced":"8.0.0"},{"last_affected":"8.2.4.0"}]},{"events":[{"introduced":"0"},{"fixed":"21.3"}]},{"events":[{"introduced":"0"},{"last_affected":"21.9"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-34428.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}]}