← Back

CVE-2023-4654

nvd nist
Published: Aug 31, 2023Modified: Nov 21, 2024

JSON object

Loading...
3.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Exploitability: 2.1 / Impact: 1.4
Source: NVD

Description

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1.

Affected (1)

Instantcms
1 product
Instantcms
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Instantcms
Before 2.16.1

Related CWEs

CWE-614
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.

References (4)

Source: security@huntr.dev
Patch
Source: security@huntr.dev
ExploitPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatchThird Party Advisory

Timeline

No history available yet.