386 matches found
CVE-2022-3251
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca prior to 4.2.2...
CVE-2022-3250
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6...
PYSEC-2022-287
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6...
CVE-2022-3250 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ikus060/rdiffweb
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6...
CVE-2022-3250
CVE-2022-3250 affects the rdiffweb project (GitHub ikus060/rdiffweb) prior to version 2.4.6. The root issue is a session cookie (session_id) that is not marked with the Secure attribute when the URL is invalid, exposing the cookie over non-secure channels. Several sources confirm the vulnerabilit...
CVE-2022-3251 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ikus060/minarca
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca prior to 4.2.2...
CVE-2022-3251
CVE-2022-3251 affects the Minarca project. Prior to version 4.2.2, a cookie used in HTTPS sessions was stored without the Secure attribute, enabling the cookie to be exposed in some scenarios. The issue is tied to the GitHub repository ikus060/minarca and is documented across multiple sources (in...
Yelp: If the website does not impose additional defense against CSRF attacks, failing to use the 'Lax' or 'Strict' values could increase the risk of exposur
Summary: Cookies are typically sent to third parties in cross-origin requests. This can be abused to do CSRF attacks. Recently a new cookie attribute named SameSite was proposed to disable third-party usage for some cookies, to prevent CSRF attacks. Same-site cookies allow servers to mitigate the...
rdiffweb vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
rdiffweb version 2.4.1 is vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute. This makes it so that a user's cookies can be sent to the server with an unencrypted request over the HTTP protocol. Version 2.4.2 contains a fix for the issue...
GHSA-MJW4-XVX6-3GRG rdiffweb vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
rdiffweb version 2.4.1 is vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute. This makes it so that a user's cookies can be sent to the server with an unencrypted request over the HTTP protocol. Version 2.4.2 contains a fix for the issue...
CVE-2022-22329
IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacke...
Authorization
IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacke...
CVE-2022-3174
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2...
PYSEC-2022-271
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2...
CVE-2022-3174 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ikus060/rdiffweb
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2...
Session_id without Secure attribute
Description: The user's session id has the Secure attribute set to false. This vulnerability allows a user's cookies to be sent to the server with an unencrypted request over the HTTP protocol. Proof of Concept: Open the browser and get access to the minarca website, for this scenario I have used the demo/test...
PT-2022-20900 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.2 Description: The issue allows a user's cookies to be sent to the server with an unencrypted request over the HTTP protocol because the 'Secure' attribute is missing in the HTTPS session. This affects the...