Lucene search

@huntrdevCVE-2023-3520

HistoryJul 06, 2023 - 1:15 a.m.

CVE-2023-3520

2023-07-0601:15:08

CWE-614

@huntrdev

web.nvd.nist.gov

cve-2023-3520

sensitive cookie

https

session

secure attribute

github

repository

nvd

CVSS3

4.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

32.9%

JSON

Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6.

Affected configurations

Nvd

Node

it-novumopenitcockpitRange<4.6.6

VendorProductVersionCPE
it-novumopenitcockpit*cpe:2.3:a:it-novum:openitcockpit:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
it-novum	openitcockpit	*	cpe:2.3:a:it-novum:openitcockpit::::::::

CNA Affected

[
  {
    "vendor": "it-novum",
    "product": "it-novum/openitcockpit",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "4.6.6",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/it-novum/openitcockpit/commit/6c717f3c352e55257fc3fef2c5dec111f7d2ee6b

huntr.dev/bounties/f3b277bb-91db-419e-bcc4-fe0b055d2551