VYPR

CWE-614

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

VariantDraft

Description

The Secure attribute for sensitive cookies in HTTPS sessions is not set.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-102

CVEs mapped to this weakness (28)

page 2 of 2
  • CVE-2023-0055Jan 4, 2023
    risk 0.00cvss epss 0.00

    Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32.

  • CVE-2018-25060Dec 30, 2022
    risk 0.00cvss epss 0.01

    A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely.…

  • CVE-2022-4683Dec 23, 2022
    risk 0.00cvss epss 0.00

    Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0.

  • CVE-2022-4409Dec 11, 2022
    risk 0.00cvss epss 0.00

    Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9.

  • CVE-2022-3250Sep 21, 2022
    risk 0.00cvss epss 0.00

    Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6.

  • CVE-2022-3174Sep 13, 2022
    risk 0.00cvss epss 0.01

    Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2.

  • CVE-2015-3207Jul 7, 2022
    risk 0.00cvss epss 0.01

    In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes.

  • CVE-2016-11076Jun 19, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.