8 matches found

Github Security Blog
added 2026/06/10 6:49 p.m. · 10 views

nebula-mesh: Session and OIDC state cookies lack the Secure attribute

internal/web/session.go and internal/web/oidc.go set HttpOnly and SameSite=Lax on every cookie but never Secure. A single plaintext request to the origin (operator on a LAN, mistyped URL, HTTP→HTTPS not strictly enforced, reverse proxy misconfiguration) discloses the session. Affected: All released...

5.6 AI score · 0.00031 EPSS
Exploits 0 · References 3 · Affected Software 1
RedhatCVE
added 2025/05/23 6:58 a.m. · 9 views

CVE-2024-37830

An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie...

6.1 CVSS · 6.7 AI score · 0.00313 EPSS
Exploits 1 · References 1
NVD
added 2024/07/09 8:15 p.m. · 28 views

CVE-2024-37830

An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie...

6.1 CVSS · 0.00313 EPSS
Exploits 1 · References 1
Cvelist
added 2024/07/09 12:0 a.m. · 29 views

CVE-2024-37830

An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie...

0.00313 EPSS
Exploits 1 · References 1
Vulnrichment
added 2024/07/09 12:0 a.m. · 20 views

CVE-2024-37830

An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie...

6.7 AI score · 0.00313 EPSS
Exploits 1 · References 1
Positive Technologies
added 2024/07/09 12:0 a.m. · 7 views

PT-2024-27773 · Outline · Outline

Name of the Vulnerable Software and Affected Versions: Outline versions 0.76.1 and earlier
Description: An issue allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie.
Recommendations: For Outline versions 0.76.1 and earlier, update to a...

6.1 CVSS · 7 AI score · 0.00313 EPSS
Exploits 1 · References 5
CVE
added 2024/07/09 12:0 a.m. · 59 views

CVE-2024-37830

Summary: CVE-2024-37830 affects Outline up to v0.76.1. An issue allows an attacker to redirect a victim to a malicious site by intercepting and modifying the app’s state cookie. The vulnerability is described across Red Hat, NVD, CVE listings and partner advisories, with the recommended fix being...

6.1 CVSS · 6.4 AI score · 0.00313 EPSS
Exploits 1 · References 1 · Affected Software 1
securityvulns
added 2002/06/07 12:0 a.m. · 55 views

Microsoft ASP.NET buffer overflow

Buffer overflow on state cookie processing...

3.9 AI score
Exploits 0 · References 1 · Affected Software 1