Описание
EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP). An attacker may capture the cookie from the insecure channel using MITM attack.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:espocrm:espocrm:7.1.8:*:*:*:*:*:*:*
EPSS
Процентиль: 31%
0.00119
Низкий
5.9 Medium
CVSS3
Дефекты
CWE-319
Связанные уязвимости
CVSS3: 5.9
github
больше 3 лет назад
EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP). An attacker may capture the cookie from the insecure channel using MITM attack.
EPSS
Процентиль: 31%
0.00119
Низкий
5.9 Medium
CVSS3
Дефекты
CWE-319