1 matches found
foreman: the _session_id cookie is issued without the Secure flag
It was found that Foreman did not set the HttpOnly flag on session cookies. This could allow a malicious script to access the session cookie...