Source: nvd (NVD:CVE-2022-32777)
Aug 22, 2022 - 7:15 p.m.

CVE-2022-32777

2022-08-22 19:15:10
CWE-732
web.nvd.nist.gov
vulnerability
information disclosure
cookie functionality
wwbn avideo 11.6
dev master commit
httponly flag
secure flag
javascript
session cookie
non-https connections

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.002
Percentile: 57.2%

An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie lack the HttpOnly flag, making them accessible via JavaScript. The session cookie also lacks the Secure flag, which allows it to be leaked over non-HTTPS connections. This could allow an attacker to steal the session cookie via crafted HTTP requests. This vulnerability is for the session cookie, which can be leaked via JavaScript.
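
A defender-side check for the two missing flags described above, as an added example that is not part of the NVD entry or of AVideo's code. The Set-Cookie values are constructed, and the cookie names are assumptions: PHPSESSID is PHP's default session cookie name and "pass" stands in for the pass cookie.

```python
# Constructed Set-Cookie values, not captured from a real AVideo instance.
# Cookie names are assumptions: PHPSESSID is PHP's default session name,
# "pass" stands in for the pass cookie the description mentions.
SAMPLE_HEADERS = [
    "PHPSESSID=abc123; path=/",        # neither flag set
    "pass=HttpOnly; Path=/; secure",   # the value only looks like a flag
    "lang=en; Path=/",                 # not a sensitive cookie, ignored
]
HARDENED_HEADERS = [
    "PHPSESSID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "pass=0f9c; Path=/; Secure; HttpOnly",
]
REQUIRED_FLAGS = ("HttpOnly", "Secure")


def parse_set_cookie(header):
    """Split one Set-Cookie value into (cookie name, lower-cased attribute names)."""
    pair, *attributes = [part.strip() for part in header.split(";")]
    name = pair.split("=", 1)[0].strip()
    # Only text after the first ';' counts as attributes, so a cookie value
    # that happens to read "HttpOnly" is not mistaken for the flag.
    attrs = {a.split("=", 1)[0].strip().lower() for a in attributes if a}
    return name, attrs


def audit_cookies(headers, sensitive=("PHPSESSID", "pass")):
    """Return [(cookie name, [missing flags])] for the sensitive cookies only."""
    findings = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        if name not in sensitive:
            continue
        # Attribute names are case-insensitive, so compare in lower case.
        missing = [flag for flag in REQUIRED_FLAGS if flag.lower() not in attrs]
        if missing:
            findings.append((name, missing))
    return findings


if __name__ == "__main__":
    for name, missing in audit_cookies(SAMPLE_HEADERS):
        print(f"{name}: missing {', '.join(missing)}")
```

Feed `audit_cookies` the Set-Cookie values from a login response of your own deployment; an empty list means every sensitive cookie carries both flags.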

Affected configurations

Nvd
Node: wwbn avideo, Match 11.6

Vendor | Product | Version | CPE
wwbn | avideo | 11.6 | cpe:2.3:a:wwbn:avideo:11.6:*:*:*:*:*:*:*
