The package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed.
This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.6 for RHEL 8 Via RHSA-2022:7313 https://access.redhat.com/errata/RHSA-2022:7313
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-25896