CWE-565
Reliance on Cookies without Validation and Integrity Checking
Description
The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-226 · CAPEC-31 · CAPEC-39
CVEs mapped to this weakness (31)
Page 2 of 2

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-21583 | | Med | 0.20 | 4.1 | 0.01 | | Jul 19, 2024 | Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/components/ws-proxy/pkg/proxy before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/install/installer/p… |
| CVE-2024-28233 | | | 0.00 | — | 0.00 | | Mar 27, 2024 | JupyterHub is an open source multi-user server for Jupyter notebooks. By tricking a user into visiting a malicious subdomain, the attacker can achieve an XSS directly affecting the former's session. More precisely, in the context of JupyterHub, this XSS could achieve full access… |
| CVE-2022-36032 | | — | 0.00 | — | 0.01 | | Sep 6, 2022 | ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to 1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to… |
| CVE-2022-29248 | | | 0.00 | — | 0.01 | | May 25, 2022 | Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a… |
| CVE-2021-41819 | | — | 0.00 | — | 0.03 | | Jan 1, 2022 | CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. |
| CVE-2021-41263 | | | 0.00 | — | 0.01 | | Nov 15, 2021 | rails_multisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using `rails_multisite` alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be… |
| CVE-2021-3818 | | | 0.00 | — | 0.02 | | Sep 27, 2021 | grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking |
| CVE-2021-29624 | | | 0.00 | — | 0.01 | | May 19, 2021 | fastify-csrf is an open-source plugin helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf prior to 3.1.0 have a "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g. "heroku"-style platform… |
| CVE-2020-15128 | | | 0.00 | — | 0.01 | | Jul 31, 2020 | In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. This meant that certain classes of attacks that took advantage of other theoretical vulnerabilities in user facing code (nothing exploitable in the core… |
| CVE-2019-17104 | | — | 0.00 | — | 0.02 | | Oct 8, 2019 | In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set. |
| CVE-2011-3887 | | | 0.00 | — | 0.01 | | Oct 25, 2011 | Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors. |