CVE-2023-53957

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-53957

CWE

https://cwe.mitre.org/data/definitions/1275.html

Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session hijacking.

Weakness

The SameSite attribute for sensitive cookies is not set, or an insecure value is used.

Affected Software

Name	Vendor	Start Version	End Version
Kimai	Kimai	1.30.10 (including)	1.30.10 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/62.html

References

https://github.com/kimai/kimai/releases/tag/1.30.10
https://www.exploit-db.com/exploits/51278
https://www.vulncheck.com/advisories/kimai-samesite-cookie-vulnerability-session-hijacking

Sensitive Cookie with Improper SameSite Attribute

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References