Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CVE-2023-0055
Summary
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in pyload-ng prior to 0.5.0b3.dev32.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- LOW
- NONE
CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.
References
Advisory Timeline
- Published
