Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

CVE-2022-3250

Medium

5.3/10

Summary

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in rdiffweb prior to 2.4.6.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.

References

Advisory
Disclosure

Advisory Timeline

Published Sep 21, 2022

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

CVE-2022-3250

Summary

CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS