CVE Vulnerabilities

CVE-2022-3251

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Published: Sep 21, 2022 | Modified: Nov 21, 2024
CVSS 3.x
5.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Sensitive Cookie in HTTPS Session Without Secure Attribute in GitHub repository ikus060/minarca prior to 4.2.2.

Weakness

The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.

Affected Software

Name Vendor Start Version End Version
Minarca Ikus-soft * 4.2.2 (excluding)

Potential Mitigations

References