CVE-2022-2306 Information

Description

Old session tokens can be used to authenticate to the application and send authenticated requests.

Reference

https://github.com/heroiclabs/nakama/commit/ce8d3921e2acd44ef8b5e6edfe595b6df067b166 https://huntr.dev/bounties/35acf263-6db4-4310-ab27-4c3c3a53f796