5 matches found
Information Disclosure
Rdiffweb is vulnerable to Sensitive Information Disclosure. The vulnerability exists due to an incomplete fix of CVE-2022-3174 which causes session cookies instantiated without the Secure attribute when the provided url is invalid. This flaw allows the transport of user cookies over insecure HTTP...
CVE-2022-3174
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2...
CVE-2022-3174 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ikus060/rdiffweb
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2...
CVE-2022-3174 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ikus060/rdiffweb
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2...
CVE-2022-3174
CVE-2022-3174 affects rdiffweb prior to 2.4.2, where cookies are transmitted over HTTPS without the Secure attribute, exposing confidentiality. The issue impacts the GitHub repo ikus060/rdiffweb; CVSS v3.1/3.0 base score 7.5 (HIGH) with network attacker, no user interaction. Affected component: s...