Lucene search

K
osvGoogleOSV:CVE-2022-31629
HistorySep 28, 2022 - 11:15 p.m.

CVE-2022-31629

2022-09-2823:15:10
Google
osv.dev
17
php
cookie
vulnerability
network attacker
same-site attacker
browser

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

7.9

Confidence

High

EPSS

0.006

Percentile

79.3%

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim’s browser which is treated as a __Host- or __Secure- cookie by PHP applications.

References

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

7.9

Confidence

High

EPSS

0.006

Percentile

79.3%