Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-HHXG-PX5H-JC32
HistoryDec 30, 2022 - 12:30 p.m.

Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attribute

2022-12-3012:30:25
CWE-311
CWE-614
GitHub Advisory Database
github.com
3
macaron csrf
encryption missing
sensitive cookies
http session
secure attribute
vulnerability
patch
remote attack
vdb-217058

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

41.7%

JSON

A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The name of the patch is dadd1711a617000b70e5e408a76531b73187031c. It is recommended to apply a patch to fix this issue. VDB-217058 is the identifier assigned to this vulnerability.

Affected configurations

Vulners
Node
go-macaroncsrfRange<0.0.0-20180426211050-dadd1711a617macaron
VendorProductVersionCPE
go-macaroncsrf*cpe:2.3:a:go-macaron:csrf:*:*:*:*:*:macaron:*:*

Related

cvelist 1
debiancve 1
prion 1
cve 1
osv 3
ubuntucve 1
veracode 1
nvd 1
cvelist
cvelist
CVE-2018-25060 Macaron csrf csrf.go missing secure attribute
2022-12-30 11:47:29
debiancve
debiancve
CVE-2018-25060
2022-12-30 12:15:09
prion
prion
Design/Logic Flaw
2022-12-30 12:15:00
cve
cve
CVE-2018-25060
2022-12-30 12:15:09
osv
osv
Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attribute
2022-12-30 12:30:25
Insecure generation of cookies in github.com/go-macaron/csrf
2023-01-03 23:05:24
CVE-2018-25060
2022-12-30 12:15:09
ubuntucve
ubuntucve
CVE-2018-25060
2022-12-30 00:00:00
veracode
veracode
Cross-site Request Forgery (CSRF)
2023-01-12 02:18:28
nvd
nvd
CVE-2018-25060
2022-12-30 12:15:09

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

41.7%

JSON
Related for GHSA-HHXG-PX5H-JC32
cvelist1debiancve1prion1cve1osv3ubuntucve1veracode1nvd1