Описание
In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is not set. This could cause the user agent to send those cookies in plaintext over an HTTP session, potentially exposing sensitive information. The issue is fixed in version 1.7.0.
Ссылки
- Patch
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.7.0 (исключая)
cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*
EPSS
Процентиль: 17%
0.00054
Низкий
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-614
CWE-319
Связанные уязвимости
CVSS3: 7.5
debian
11 месяцев назад
In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive c ...
CVSS3: 5.3
github
11 месяцев назад
In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is not set. This could cause the user agent to send those cookies in plaintext over an HTTP session, potentially exposing sensitive information. The issue is fixed in version 1.7.0.
EPSS
Процентиль: 17%
0.00054
Низкий
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-614
CWE-319