Lucene search

[email protected]CVE-2023-4654

HistoryAug 31, 2023 - 1:15 a.m.

CVE-2023-4654

2023-08-3101:15:10

CWE-614

[email protected]

web.nvd.nist.gov

cve-2023-4654

sensitive cookie

https

session

secure attribute

github

repository

nvd

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

4.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1.

Affected configurations

NVD

Node

instantcmsinstantcmsRange<2.16.1

CPENameOperatorVersion
instantcms:instantcmsinstantcmslt2.16.1

CPE	Name	Operator	Version
instantcms:instantcms	instantcms	lt	2.16.1

CNA Affected

[
  {
    "vendor": "instantsoft",
    "product": "instantsoft/icms2",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "2.16.1",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/instantsoft/icms2/commit/ca5f150da11d9caae86638885137afe35bcc3592

huntr.dev/bounties/56432a75-af43-4b1a-9307-bd8de568351b

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

4.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

Related for CVE-2023-4654

osv1 nvd1 prion1 cvelist1 huntr1