880 matches found
CVE-2022-1655
An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and...
Design/Logic Flaw
An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and...
CVE-2022-1655
CVE-2022-1655 affects Horizon on Red Hat OpenStack. The underlying issue is an incorrect permission handling for critical resources: Horizon session cookies are created without the HttpOnly flag even when HorizonSecureCookies is true. This could lead to confidentiality/integrity risks for user se...
CVE-2015-3207
In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes...
CVE-2015-3207
CVE-2015-3207 affects OpenShift Origin 3 where cookies set by the console lack the Secure and HttpOnly attributes. This misconfiguration enables potential exposure of session data over non-HTTPS connections and increases cookie theft risk. NVD assigns a MEDIUM base score (CVSS v2: 5.0; CVSS v3.1:...
Security Bulletin: IBM Engineering Lifecycle Management is vulnerable to scripts executing to access the JSA_CSRF cookie when it is set without the HttpOnly flag (CVE-2021-38879)
Summary Summary guidance: - The Jazz Team Server is vulnerable to scripts executing to access the cookie and transmit it to another site when the JSA_CSRF cookie is set without the HttpOnly flag. Vulnerability Details CVEID: CVE-2021-38879 DESCRIPTION: IBM Jazz Foundation could allow a remote attacke...
PT-2022-7817 · Red Hat · Openshift Origin
Name of the Vulnerable Software and Affected Versions: Openshift Origin version 3 Description: The issue is related to insecure cookies being set in the console of Openshift Origin. Specifically, the cookies lack 'secure' and 'HttpOnly' attributes. Recommendations: For Openshift Origin version 3,...
Red Hat OpenShift Security Vulnerability
Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat, Inc. that supports building, testing, deploying and running applications. A security vulnerability exists in Red Hat OpenShift Origin version 3, which stems from a cookie set in the console that does not have...
Security Bulletin: IBM Engineering Lifecycle Management is vulnerable to local scripts executing to access the cookie(s) when they are set without the HttpOnly flag (CVE-2021-20355)
Summary Summary guidance: - The Jazz Team Server is vulnerable to local scripts executing to access the cookies and transmit them to another site when cookies are set without the HttpOnly flag. Vulnerability Details CVEID: CVE-2021-20355 DESCRIPTION: IBM Jazz Foundation could allow a remote attacke...
IBM Jazz Team Server Information Disclosure Vulnerability (CNVD-2022-51653)
IBM Jazz Team Server is an application server from IBM America, Inc. that provides base services enabling a group of tools to work together as a single logical server, and includes any number of Jazz Team Server Extensions that provide tool-specific functionality. A security vulnerability exists in...
Improper storage of authorization cookie on HTTPs pages
The authorization cookie used by the panel pufferauth is stored in the browser without using HttpOnly or Secure flags on the cookie...
CVE-2021-38879
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 209057...
CVE-2021-20355
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 194891...
Information disclosure
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 194891...
Information disclosure
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 209057...
CVE-2021-38879
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 209057...
CVE-2021-38879
IBM Jazz Team Server versions 6.0.6–7.0.2 are affected by an information disclosure vulnerability due to cookie HTTPOnly flag not being set. The underlying cause is the failure to mark the JSA_CSRF cookie as HttpOnly, allowing a remote attacker to obtain sensitive information from the cookie. Imp...
IBM Jazz Team Server Security Vulnerability
IBM Jazz Team Server is an application server from IBM America, Inc. that provides base services enabling a group of tools to work together as a single logical server and includes any number of Jazz Team Server Extensions that provide tool-specific functionality. IBM Jazz Team Server is vulnerable t...
IBM Jazz Team Server Security Vulnerability
IBM Jazz Team Server is an application server from IBM America, Inc. that provides base services enabling a group of tools to work together as a single logical server, and includes any number of Jazz Team Server Extensions that provide tool-specific functionality. A security vulnerability exists in...
CVE-2021-40649
In Connx Version 6.2.0.1269 20210623, a cookie can be issued by the application and not have the HttpOnly flag set...