CWE-614
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Description
The Secure attribute for sensitive cookies in HTTPS sessions is not set.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-102
CVEs mapped to this weakness (28)
page 2 of 2| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-0055 | 0.00 | — | 0.00 | Jan 4, 2023 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32. | |||
| CVE-2018-25060 | — | 0.00 | — | 0.01 | Dec 30, 2022 | A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely.… | ||
| CVE-2022-4683 | — | 0.00 | — | 0.00 | Dec 23, 2022 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0. | ||
| CVE-2022-4409 | — | 0.00 | — | 0.00 | Dec 11, 2022 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9. | ||
| CVE-2022-3250 | — | 0.00 | — | 0.00 | Sep 21, 2022 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6. | ||
| CVE-2022-3174 | — | 0.00 | — | 0.01 | Sep 13, 2022 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2. | ||
| CVE-2015-3207 | — | 0.00 | — | 0.01 | Jul 7, 2022 | In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes. | ||
| CVE-2016-11076 | — | 0.00 | — | 0.01 | Jun 19, 2020 | An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL. |
- CVE-2023-0055Jan 4, 2023risk 0.00cvss —epss 0.00
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32.
- CVE-2018-25060Dec 30, 2022risk 0.00cvss —epss 0.01
A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely.…
- CVE-2022-4683Dec 23, 2022risk 0.00cvss —epss 0.00
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0.
- CVE-2022-4409Dec 11, 2022risk 0.00cvss —epss 0.00
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
- CVE-2022-3250Sep 21, 2022risk 0.00cvss —epss 0.00
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.6.
- CVE-2022-3174Sep 13, 2022risk 0.00cvss —epss 0.01
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2.
- CVE-2015-3207Jul 7, 2022risk 0.00cvss —epss 0.01
In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes.
- CVE-2016-11076Jun 19, 2020risk 0.00cvss —epss 0.01
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.