Lucene search
GitHub Advisory DatabaseGHSA-M748-HJQG-RPP8HistorySep 22, 2022 - 12:00 a.m.
rdiffweb has insecure HTTP cookies
2022-09-2200:00:24
CWE-311
CWE-614
GitHub Advisory Database
github.com
8
rdiffweb
http cookies
insecure
version 2.4.6 fix
session_id
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
0.001
Percentile
30.2%
In rdiffweb prior to version 2.4.6, the cookie session_id does not have a secure attribute when the URL is invalid. Version 2.4.6 contains a fix for the issue.
Affected configurations
Node
rdiffwebrdiffwebRange<2.4.6
Related
huntr
huntr
Secure token is missed when ivalid URL is entered
2022-09-20 13:41:04
cve
cve
CVE-2022-3250
2022-09-21 17:15:09
osv
osv
PYSEC-2022-287
2022-09-21 17:15:00
rdiffweb has insecure HTTP cookies
2022-09-22 00:00:24
CVE-2022-3250
2022-09-21 17:15:09
nvd
nvd
CVE-2022-3250
2022-09-21 17:15:09
cvelist
cvelist
prion
prion
Session fixation
2022-09-21 17:15:00
veracode
veracode
Information Disclosure
2022-09-21 18:57:20
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
0.001
Percentile
30.2%
Related for GHSA-M748-HJQG-RPP8