Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2018-25060
HistoryDec 30, 2022 - 12:15 p.m.

CVE-2018-25060

2022-12-3012:15:09
CWE-311
CWE-614
[email protected]
web.nvd.nist.gov
2
macaron csrf
sensitive cookie
remote attack
difficult exploitation
patch
vdb-217058

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

41.7%

JSON

A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as dadd1711a617000b70e5e408a76531b73187031c. It is recommended to apply a patch to fix this issue. VDB-217058 is the identifier assigned to this vulnerability.

Affected configurations

Nvd
Node
go-macaroncsrfMatch-macaron
VendorProductVersionCPE
go-macaroncsrf-cpe:2.3:a:go-macaron:csrf:-:*:*:*:*:macaron:*:*

Related

cvelist 1
debiancve 1
prion 1
cve 1
osv 3
ubuntucve 1
github 1
veracode 1
cvelist
cvelist
CVE-2018-25060 Macaron csrf csrf.go missing secure attribute
2022-12-30 11:47:29
debiancve
debiancve
CVE-2018-25060
2022-12-30 12:15:09
prion
prion
Design/Logic Flaw
2022-12-30 12:15:00
cve
cve
CVE-2018-25060
2022-12-30 12:15:09
osv
osv
Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attribute
2022-12-30 12:30:25
Insecure generation of cookies in github.com/go-macaron/csrf
2023-01-03 23:05:24
CVE-2018-25060
2022-12-30 12:15:09
ubuntucve
ubuntucve
CVE-2018-25060
2022-12-30 00:00:00
github
github
Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attribute
2022-12-30 12:30:25
veracode
veracode
Cross-site Request Forgery (CSRF)
2023-01-12 02:18:28

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

41.7%

JSON
Related for NVD:CVE-2018-25060
cvelist1debiancve1prion1cve1osv3ubuntucve1github1veracode1