Missing Encryption of Sensitive Data
CVE-2015-3207
Summary
In github.com/openshift/origin before 1.0.0 the cookies being set in the console have no 'secure', 'HttpOnly' attributes.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- LOW
- NONE
CWE-311 - Missing Encryption of Sensitive Data
The software does not encrypt sensitive or critical information before storage or transmission.
References
Advisory Timeline
- Published