9 matches found
GHSA-RQFJ-VV8R-XHQC nebula-mesh: Session and OIDC state cookies lack the Secure attribute
internal/web/session.go and internal/web/oidc.go set HttpOnly and SameSite=Lax on every cookie but never Secure. A single plaintext request to the origin operator on a LAN, mistyped URL, HTTP→HTTPS not strictly enforced, reverse proxy misconfiguration discloses the session. Affected All released...
EUVD-2024-48826
Malicious code in bioql PyPI...
CVE-2024-7998
In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which could result in them using the maximum lifespan...
CVE-2024-7998
In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which could result in them using the maximum lifespan...
CVE-2024-7998
In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which could result in them using the maximum lifespan...
CVE-2024-7998
CVE-2024-7998 affects Octopus Server where OIDC cookies used the wrong expiration time, potentially enabling longer-lived cookies. The CVSS 3.1 vector reports a Low base score (2.6) with NETWORK attack vector, HIGH complexity, and user interaction required. The available documents state the vulne...
CVE-2024-7998
In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which could result in them using the maximum lifespan...
CVE-2024-7998
In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which could result in them using the maximum lifespan...
PT-2024-38745 · Unknown · Octopus Server
Name of the Vulnerable Software and Affected Versions: Octopus Server affected versions not specified Description: The issue is related to OIDC cookies using the wrong expiration time, potentially resulting in them using the maximum lifespan. Recommendations: At the moment, there is no informatio...