CVE Vulnerabilities

CVE-2020-29024

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Published: Feb 16, 2021 | Modified: Nov 21, 2024
CVSS 3.x
5.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Sensitive Cookie in HTTPS Session Without Secure Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3.

Weakness

The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.

Affected Software

Name Vendor Start Version End Version
Gatemanager_4250_firmware Secomea * *

Potential Mitigations

References