exploitDog

GHSA-q48x-g537-f47g

Опубликовано: 18 дек. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 6.9

CVSS3: 5.3

Описание

A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session security and authentication state.

A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session security and authentication state.

Ссылки

EPSS

Процентиль: 11%

0.00038

Низкий

6.9 Medium

CVSS4

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-614

Связанные уязвимости

CVE-2024-58317

CVSS3: 5.3

nvd

около 2 месяцев назад

A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session security and authentication state.

EPSS

Процентиль: 11%

0.00038

Низкий

6.9 Medium

CVSS4

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-614