Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistVulDBCVELIST:CVE-2018-25060
HistoryDec 30, 2022 - 11:47 a.m.

CVE-2018-25060 Macaron csrf csrf.go missing secure attribute

2022-12-3011:47:29
CWE-614
VulDB
www.cve.org
1
macaron csrf vulnerability
csrf.go
missing secure attribute
sensitive cookie
remote attack
high complexity
difficult exploitation
patch dadd1711a617000b70e5e408a76531b73187031c
vdb-217058.

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

41.7%

JSON

A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as dadd1711a617000b70e5e408a76531b73187031c. It is recommended to apply a patch to fix this issue. VDB-217058 is the identifier assigned to this vulnerability.

CNA Affected

[
  {
    "vendor": "Macaron",
    "product": "csrf",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]

Related

debiancve 1
prion 1
cve 1
osv 3
veracode 1
nvd 1
ubuntucve 1
github 1
debiancve
debiancve
CVE-2018-25060
2022-12-30 12:15:09
prion
prion
Design/Logic Flaw
2022-12-30 12:15:00
cve
cve
CVE-2018-25060
2022-12-30 12:15:09
osv
osv
Insecure generation of cookies in github.com/go-macaron/csrf
2023-01-03 23:05:24
CVE-2018-25060
2022-12-30 12:15:09
Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attribute
2022-12-30 12:30:25
veracode
veracode
Cross-site Request Forgery (CSRF)
2023-01-12 02:18:28
nvd
nvd
CVE-2018-25060
2022-12-30 12:15:09
ubuntucve
ubuntucve
CVE-2018-25060
2022-12-30 00:00:00
github
github
Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attribute
2022-12-30 12:30:25

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

41.7%

JSON
Related for CVELIST:CVE-2018-25060
debiancve1prion1cve1osv3veracode1nvd1ubuntucve1github1