Lucene search
K

9 matches found

OSV
OSV
added 2026/06/10 6:49 p.m.16 views

GHSA-RQFJ-VV8R-XHQC nebula-mesh: Session and OIDC state cookies lack the Secure attribute

internal/web/session.go and internal/web/oidc.go set HttpOnly and SameSite=Lax on every cookie but never Secure. A single plaintext request to the origin operator on a LAN, mistyped URL, HTTP→HTTPS not strictly enforced, reverse proxy misconfiguration discloses the session. Affected All released...

8.2CVSS5.6AI score0.00031EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-48826

Malicious code in bioql PyPI...

2.6CVSS6.6AI score0.00234EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:51 a.m.5 views

CVE-2024-7998

In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which could result in them using the maximum lifespan...

2.6CVSS7AI score0.00234EPSS
Exploits0References1
OSV
OSV
added 2024/08/21 6:15 a.m.8 views

CVE-2024-7998

In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which could result in them using the maximum lifespan...

2.6CVSS5.8AI score0.00234EPSS
Exploits0References1
NVD
NVD
added 2024/08/21 6:15 a.m.13 views

CVE-2024-7998

In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which could result in them using the maximum lifespan...

2.6CVSS0.00234EPSS
Exploits0References1
CVE
CVE
added 2024/08/21 5:30 a.m.50 views

CVE-2024-7998

CVE-2024-7998 affects Octopus Server where OIDC cookies used the wrong expiration time, potentially enabling longer-lived cookies. The CVSS 3.1 vector reports a Low base score (2.6) with NETWORK attack vector, HIGH complexity, and user interaction required. The available documents state the vulne...

2.6CVSS4AI score0.00234EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/21 5:30 a.m.11 views

CVE-2024-7998

In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which could result in them using the maximum lifespan...

2.6CVSS7AI score0.00234EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/21 5:30 a.m.21 views

CVE-2024-7998

In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which could result in them using the maximum lifespan...

2.6CVSS0.00234EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/08/20 12:0 a.m.4 views

PT-2024-38745 · Unknown · Octopus Server

Name of the Vulnerable Software and Affected Versions: Octopus Server affected versions not specified Description: The issue is related to OIDC cookies using the wrong expiration time, potentially resulting in them using the maximum lifespan. Recommendations: At the moment, there is no informatio...

2.6CVSS6.1AI score0.00234EPSS
Exploits0References5
Rows per page
Query Builder