CWE-614
AllowedSensitive Cookie in HTTPS Session Without 'Secure' Attribute
Abstraction: Variant · Status: Draft
The Secure attribute for sensitive cookies in HTTPS sessions is not set.
115 vulnerabilities reference this CWE, most recent first.
CVE-2021-3882 (GCVE-0-2021-3882)
Vulnerability from cvelistv5 – Published: 2021-10-14 08:20 – Updated: 2024-08-03 17:09- CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/7061d97a-98a5-495a-8ba… | x_refsource_CONFIRM |
| https://github.com/ledgersmb/ledgersmb/commit/c24… | x_refsource_MISC |
| https://ledgersmb.org/cve-2021-3882-sensitive-non… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| ledgersmb | ledgersmb/ledgersmb |
Affected:
1.8.0 , < unspecified
(custom)
Affected: unspecified , ≤ 1.8.21 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/7061d97a-98a5-495a-8ba0-3a4c66091e9d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ledgersmb/ledgersmb/commit/c242f5a2abf4b99b0da205473cbba034f306bfe2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ledgersmb.org/cve-2021-3882-sensitive-non-secure-cookie"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ledgersmb/ledgersmb",
"vendor": "ledgersmb",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.8.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.8.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LedgerSMB does not set the \u0027Secure\u0027 attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection (HTTP), an attacker may be able to obtain the authentication data by capturing network traffic. LedgerSMB 1.8 and newer switched from Basic authentication to using cookie authentication with encrypted cookies. Although an attacker can\u0027t access the information inside the cookie, nor the password of the user, possession of the cookie is enough to access the application as the user from which the cookie has been obtained. In order for the attacker to obtain the cookie, first of all the server must be configured to respond to unencrypted requests, the attacker must be suitably positioned to eavesdrop on the network traffic between the client and the server *and* the user must be tricked into using unencrypted HTTP traffic. Proper audit control and separation of duties limit Integrity impact of the attack vector. Users of LedgerSMB 1.8 are urged to upgrade to known-fixed versions. Users of LedgerSMB 1.7 or 1.9 are unaffected by this vulnerability and don\u0027t need to take action. As a workaround, users may configure their Apache or Nginx reverse proxy to add the Secure attribute at the network boundary instead of relying on LedgerSMB. For Apache, please refer to the \u0027Header always edit\u0027 configuration command in the mod_headers module. For Nginx, please refer to the \u0027proxy_cookie_flags\u0027 configuration command."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-614",
"description": "CWE-614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-14T08:20:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/7061d97a-98a5-495a-8ba0-3a4c66091e9d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ledgersmb/ledgersmb/commit/c242f5a2abf4b99b0da205473cbba034f306bfe2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ledgersmb.org/cve-2021-3882-sensitive-non-secure-cookie"
}
],
"source": {
"advisory": "7061d97a-98a5-495a-8ba0-3a4c66091e9d",
"discovery": "EXTERNAL"
},
"title": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute in ledgersmb/ledgersmb",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3882",
"STATE": "PUBLIC",
"TITLE": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute in ledgersmb/ledgersmb"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ledgersmb/ledgersmb",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.8.0"
},
{
"version_affected": "\u003c=",
"version_value": "1.8.21"
}
]
}
}
]
},
"vendor_name": "ledgersmb"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LedgerSMB does not set the \u0027Secure\u0027 attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection (HTTP), an attacker may be able to obtain the authentication data by capturing network traffic. LedgerSMB 1.8 and newer switched from Basic authentication to using cookie authentication with encrypted cookies. Although an attacker can\u0027t access the information inside the cookie, nor the password of the user, possession of the cookie is enough to access the application as the user from which the cookie has been obtained. In order for the attacker to obtain the cookie, first of all the server must be configured to respond to unencrypted requests, the attacker must be suitably positioned to eavesdrop on the network traffic between the client and the server *and* the user must be tricked into using unencrypted HTTP traffic. Proper audit control and separation of duties limit Integrity impact of the attack vector. Users of LedgerSMB 1.8 are urged to upgrade to known-fixed versions. Users of LedgerSMB 1.7 or 1.9 are unaffected by this vulnerability and don\u0027t need to take action. As a workaround, users may configure their Apache or Nginx reverse proxy to add the Secure attribute at the network boundary instead of relying on LedgerSMB. For Apache, please refer to the \u0027Header always edit\u0027 configuration command in the mod_headers module. For Nginx, please refer to the \u0027proxy_cookie_flags\u0027 configuration command."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/7061d97a-98a5-495a-8ba0-3a4c66091e9d",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/7061d97a-98a5-495a-8ba0-3a4c66091e9d"
},
{
"name": "https://github.com/ledgersmb/ledgersmb/commit/c242f5a2abf4b99b0da205473cbba034f306bfe2",
"refsource": "MISC",
"url": "https://github.com/ledgersmb/ledgersmb/commit/c242f5a2abf4b99b0da205473cbba034f306bfe2"
},
{
"name": "https://ledgersmb.org/cve-2021-3882-sensitive-non-secure-cookie",
"refsource": "MISC",
"url": "https://ledgersmb.org/cve-2021-3882-sensitive-non-secure-cookie"
}
]
},
"source": {
"advisory": "7061d97a-98a5-495a-8ba0-3a4c66091e9d",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3882",
"datePublished": "2021-10-14T08:20:11.000Z",
"dateReserved": "2021-10-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:09:09.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-29024 (GCVE-0-2020-29024)
Vulnerability from cvelistv5 – Published: 2021-02-16 15:07 – Updated: 2024-09-16 16:38- CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
| URL | Tags |
|---|---|
| https://www.secomea.com/support/cybersecurity-adv… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Secomea | GateManager |
Affected:
all , < 9.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:48:01.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.secomea.com/support/cybersecurity-advisory/#2418"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GateManager",
"vendor": "Secomea",
"versions": [
{
"lessThan": "9.3",
"status": "affected",
"version": "all",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-02-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-614",
"description": "CWE-614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-16T15:07:41.000Z",
"orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
"shortName": "Secomea"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.secomea.com/support/cybersecurity-advisory/#2418"
}
],
"source": {
"defect": [
"RD-2418"
],
"discovery": "EXTERNAL"
},
"title": "Missing HtppOnly and Secure flags",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "VulnerabilityReporting@secomea.com",
"DATE_PUBLIC": "2021-02-16T00:00:00.000Z",
"ID": "CVE-2020-29024",
"STATE": "PUBLIC",
"TITLE": "Missing HtppOnly and Secure flags"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GateManager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "all",
"version_value": "9.3"
}
]
}
}
]
},
"vendor_name": "Secomea"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.secomea.com/support/cybersecurity-advisory/#2418",
"refsource": "MISC",
"url": "https://www.secomea.com/support/cybersecurity-advisory/#2418"
}
]
},
"source": {
"defect": [
"RD-2418"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
"assignerShortName": "Secomea",
"cveId": "CVE-2020-29024",
"datePublished": "2021-02-16T15:07:41.787Z",
"dateReserved": "2020-11-24T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:38:40.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27651 (GCVE-0-2020-27651)
Vulnerability from cvelistv5 – Published: 2020-10-29 08:55 – Updated: 2024-09-16 16:53- CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
| URL | Tags |
|---|---|
| https://www.synology.com/security/advisory/Synolo… | x_refsource_CONFIRM |
| https://www.talosintelligence.com/vulnerability_r… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Synology | Synology Router Manager (SRM) |
Affected:
unspecified , < 1.2.4-8081
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:45.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Synology Router Manager (SRM)",
"vendor": "Synology",
"versions": [
{
"lessThan": "1.2.4-8081",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-10-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-614",
"description": "CWE-614: Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-29T20:06:17.000Z",
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2020-10-29T00:00:00",
"ID": "CVE-2020-27651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Synology Router Manager (SRM)",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "1.2.4-8081"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.8",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-614: Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/security/advisory/Synology_SA_20_14",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_14"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1059",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"assignerShortName": "synology",
"cveId": "CVE-2020-27651",
"datePublished": "2020-10-29T08:55:20.903Z",
"dateReserved": "2020-10-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:53:56.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27650 (GCVE-0-2020-27650)
Vulnerability from cvelistv5 – Published: 2020-10-29 09:00 – Updated: 2024-09-16 23:10- CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
| URL | Tags |
|---|---|
| https://www.synology.com/security/advisory/Synolo… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Synology | DiskStation Manager (DSM) |
Affected:
unspecified , < 6.2.3-25426-2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:45.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DiskStation Manager (DSM)",
"vendor": "Synology",
"versions": [
{
"lessThan": "6.2.3-25426-2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-10-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-614",
"description": "CWE-614: Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-29T09:00:25.000Z",
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2020-10-29T00:00:00",
"ID": "CVE-2020-27650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DiskStation Manager (DSM)",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "6.2.3-25426-2"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.8",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-614: Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/security/advisory/Synology_SA_20_18",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"assignerShortName": "synology",
"cveId": "CVE-2020-27650",
"datePublished": "2020-10-29T09:00:25.555Z",
"dateReserved": "2020-10-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:10:20.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-25060 (GCVE-0-2018-25060)
Vulnerability from cvelistv5 – Published: 2022-12-30 11:47 – Updated: 2024-08-05 12:26- CWE-614 - Sensitive Cookie Without Secure Attribute
| URL | Tags |
|---|---|
| https://vuldb.com/?id.217058 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.217058 | signaturepermissions-required |
| https://github.com/go-macaron/csrf/pull/7 | issue-tracking |
| https://github.com/go-macaron/csrf/commit/dadd171… | patch |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:26:39.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.217058"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.217058"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/go-macaron/csrf/pull/7"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/go-macaron/csrf/commit/dadd1711a617000b70e5e408a76531b73187031c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "csrf",
"vendor": "Macaron",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as dadd1711a617000b70e5e408a76531b73187031c. It is recommended to apply a patch to fix this issue. VDB-217058 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Macaron csrf gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei csrf.go. Mittels Manipulieren des Arguments Generate mit unbekannten Daten kann eine sensitive cookie without secure attribute-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Patch wird als dadd1711a617000b70e5e408a76531b73187031c bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-614",
"description": "CWE-614 Sensitive Cookie Without Secure Attribute",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T12:11:40.501Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.217058"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.217058"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/go-macaron/csrf/pull/7"
},
{
"tags": [
"patch"
],
"url": "https://github.com/go-macaron/csrf/commit/dadd1711a617000b70e5e408a76531b73187031c"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-12-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2022-12-30T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2022-12-30T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-01-26T09:25:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "Macaron csrf csrf.go missing secure attribute"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2018-25060",
"datePublished": "2022-12-30T11:47:29.633Z",
"dateReserved": "2022-12-30T11:46:16.222Z",
"dateUpdated": "2024-08-05T12:26:39.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3207 (GCVE-0-2015-3207)
Vulnerability from cvelistv5 – Published: 2022-07-07 12:25 – Updated: 2024-08-06 05:39| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1221882 | x_refsource_MISC |
| https://github.com/openshift/origin/pull/2261 | x_refsource_MISC |
| https://github.com/openshift/origin/pull/2291 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Openshift Origin |
Affected:
Openshift Origin 3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:31.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221882"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openshift/origin/pull/2261"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/openshift/origin/pull/2291"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Openshift Origin",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Openshift Origin 3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Openshift Origin 3 the cookies being set in console have no \u0027secure\u0027, \u0027HttpOnly\u0027 attributes."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-614",
"description": "CWE-614",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-07T12:25:43.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221882"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openshift/origin/pull/2261"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/openshift/origin/pull/2291"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Openshift Origin",
"version": {
"version_data": [
{
"version_value": "Openshift Origin 3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Openshift Origin 3 the cookies being set in console have no \u0027secure\u0027, \u0027HttpOnly\u0027 attributes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-614"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1221882",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221882"
},
{
"name": "https://github.com/openshift/origin/pull/2261",
"refsource": "MISC",
"url": "https://github.com/openshift/origin/pull/2261"
},
{
"name": "https://github.com/openshift/origin/pull/2291",
"refsource": "MISC",
"url": "https://github.com/openshift/origin/pull/2291"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3207",
"datePublished": "2022-07-07T12:25:43.000Z",
"dateReserved": "2015-04-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:39:31.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-32C6-653X-X3PM
Vulnerability from github – Published: 2022-09-22 00:00 – Updated: 2022-09-25 00:00Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca prior to 4.2.2.
{
"affected": [],
"aliases": [
"CVE-2022-3251"
],
"database_specific": {
"cwe_ids": [
"CWE-311",
"CWE-614"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-21T17:15:00Z",
"severity": "MODERATE"
},
"details": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute in GitHub repository ikus060/minarca prior to 4.2.2.",
"id": "GHSA-32c6-653x-x3pm",
"modified": "2022-09-25T00:00:20Z",
"published": "2022-09-22T00:00:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3251"
},
{
"type": "WEB",
"url": "https://github.com/ikus060/minarca/commit/7b5c7e6cbd59268d5cd4f1b5f42e721db116f71a"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/b9a1b411-060b-4235-9426-e39bd0a1d6d9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-34W4-WRQP-J47G
Vulnerability from github – Published: 2023-10-31 03:31 – Updated: 2023-10-31 19:39Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "thorsten/phpmyfaq"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-5866"
],
"database_specific": {
"cwe_ids": [
"CWE-614"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-31T19:39:42Z",
"nvd_published_at": "2023-10-31T01:15:07Z",
"severity": "MODERATE"
},
"details": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1.",
"id": "GHSA-34w4-wrqp-j47g",
"modified": "2023-10-31T19:39:42Z",
"published": "2023-10-31T03:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5866"
},
{
"type": "WEB",
"url": "https://github.com/thorsten/phpmyfaq/commit/fdacff14acd5e69841068f0e32b59e2d1b1d0d55"
},
{
"type": "PACKAGE",
"url": "https://github.com/thorsten/phpMyFAQ"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/ec44bcba-ae7f-497a-851e-8165ecf56945"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Sensitive cookie in HTTPS session without \u0027Secure\u0027 attribute in thorsten/phpmyfaq"
}
GHSA-379P-37XC-Q963
Vulnerability from github – Published: 2022-05-24 17:21 – Updated: 2025-10-22 20:54An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-11076"
],
"database_specific": {
"cwe_ids": [
"CWE-295",
"CWE-614"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-22T20:54:31Z",
"nvd_published_at": "2020-06-19T20:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.",
"id": "GHSA-379p-37xc-q963",
"modified": "2025-10-22T20:54:31Z",
"published": "2022-05-24T17:21:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-11076"
},
{
"type": "WEB",
"url": "https://github.com/mattermost/mattermost/commit/bac25154d659883c801b3bb9a0687f46570f5bbf"
},
{
"type": "PACKAGE",
"url": "https://github.com/mattermost/mattermost"
},
{
"type": "WEB",
"url": "https://mattermost.com/security-updates"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Mattermost Server does not check if cookies are used over SSL"
}
GHSA-4V7C-97MG-H3WH
Vulnerability from github – Published: 2026-02-26 09:30 – Updated: 2026-03-12 15:30The Secure and SameSite attribute are missing in the GraphicalData web services and WebClient web app of PcVue in version 12.0.0 through 16.3.3 included.
{
"affected": [],
"aliases": [
"CVE-2026-1697"
],
"database_specific": {
"cwe_ids": [
"CWE-614"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-26T08:16:19Z",
"severity": "MODERATE"
},
"details": "The Secure and SameSite attribute are missing in the GraphicalData web services and WebClient web app of PcVue in version 12.0.0 through 16.3.3 included.",
"id": "GHSA-4v7c-97mg-h3wh",
"modified": "2026-03-12T15:30:23Z",
"published": "2026-02-26T09:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1697"
},
{
"type": "WEB",
"url": "https://www.pcvue.com/security/#SB2026-2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:Clear",
"type": "CVSS_V4"
}
]
}
Mitigation
Always set the secure attribute when the cookie should be sent via HTTPS only.
CAPEC-102: Session Sidejacking
Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.