exploitDog

CVE-2024-58317

Опубликовано: 18 дек. 2025

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session security and authentication state.

Ссылки

https://devnet.kentico.com/download/hotfixes
Product
https://www.vulncheck.com/advisories/kentico-xperience-cookie-security-configuration
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:*

Версия до 13.0.164 (включая)

EPSS

Процентиль: 11%

0.00038

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-614

Связанные уязвимости

GHSA-q48x-g537-f47g

CVSS3: 5.3

github

около 2 месяцев назад

A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session security and authentication state.

EPSS

Процентиль: 11%

0.00038

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-614