8 matches found
nebula-mesh: Session and OIDC state cookies lack the Secure attribute
internal/web/session.go and internal/web/oidc.go set HttpOnly and SameSite=Lax on every cookie but never Secure. A single plaintext request to the origin (operator on a LAN, mistyped URL, HTTP→HTTPS not strictly enforced, reverse proxy misconfiguration) discloses the session. Affected: All released...
CVE-2024-37830
An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie...
CVE-2024-37830
An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie...
CVE-2024-37830
An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie...
CVE-2024-37830
An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie...
PT-2024-27773 · Outline · Outline
Name of the Vulnerable Software and Affected Versions: Outline versions 0.76.1 and earlier Description: An issue allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie. Recommendations: For Outline versions 0.76.1 and earlier, update to a...
CVE-2024-37830
Summary: CVE-2024-37830 affects Outline up to v0.76.1. An issue allows an attacker to redirect a victim to a malicious site by intercepting and modifying the app’s state cookie. The vulnerability is described across Red Hat, NVD, CVE listings and partner advisories, with the recommended fix being...
Microsoft ASP.NET buffer overflow
Buffer overflow on state cookie processing...