Lucene search

BIT-codeigniter-2022-39284

🗓️ 06 Mar 2024 10:32:53Reported by GoogleType

osv🔗 osv.dev👁 12 Views

CodeIgniter PHP framework v4.2.7 and below allows exposure of cookie values with $secure or $httponly set to true in Config\Cookie

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 9
Veracode	Information Disclosure	7 Oct 202205:59	–	veracode
Friends Of PHP	CVE-2022-39284: Config\Cookie Secure or HttpOnly flag not set in CodeIgniter4	6 Oct 202209:39	–	friendsofphp
Cvelist	CVE-2022-39284 Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued in Codeigniter4	6 Oct 202200:00	–	cvelist
OSV	Codeigniter4's Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued	6 Oct 202220:01	–	osv
OSV	CVE-2022-39284	6 Oct 202220:15	–	osv
Prion	Code injection	6 Oct 202220:15	–	prion
Github Security Blog	Codeigniter4's Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued	6 Oct 202220:01	–	github
CVE	CVE-2022-39284	6 Oct 202220:15	–	cve
NVD	CVE-2022-39284	6 Oct 202220:15	–	nvd

Source	Link
codeigniter4	www.codeigniter4.github.io/userguide/helpers/cookie_helper.html
codeigniter4	www.codeigniter4.github.io/userguide/outgoing/response.html
developer	www.developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
github	www.github.com/codeigniter4/CodeIgniter4/issues/6540
github	www.github.com/codeigniter4/CodeIgniter4/pull/6544
github	www.github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-745p-r637-7vvp

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

06 Mar 2024 10:53Current

7.2High risk

Vulners AI Score7.2

CVSS34.3

EPSS0.00126