The package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed.
This issue has been addressed in the following products:
Red Hat Advanced Cluster Management for Kubernetes 2.6 for RHEL 8
Via RHSA-2022:7313 https://access.redhat.com/errata/RHSA-2022:7313
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):