Cleartext Transmission of Sensitive Information

CVE-2021-42699

Medium

5.7/10

Summary

The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user’s cookie and take over the account.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-319 - Cleartext Transmission of Sensitive Information

The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References

Advisory Timeline

Published Nov 05, 2021

Cleartext Transmission of Sensitive Information

CVE-2021-42699

Summary

CWE-319 - Cleartext Transmission of Sensitive Information

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS