Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CVE-2022-4409
Summary
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in thorsten/phpmyfaq versions prior to 3.1.9.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- HIGH
- NONE
CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.
References
Advisory Timeline
- Published