WS-2023-0334
Good to know:
Date: September 7, 2023
Authentication cookie without Secure flag in GitHub repository wallabag/wallabag prior to 2.6.6.
Language: PHP
Severity Score
Weakness Type (CWE)
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CWE-614
Top Fix
Upgrade Version
Upgrade to version wallabag/wallabag - 2.6.6
CVSS v3.1
| Base Score: | |
|---|---|
| Attack Vector (AV): | LOCAL |
| Attack Complexity (AC): | HIGH |
| Privileges Required (PR): | LOW |
| User Interaction (UI): | REQUIRED |
| Scope (S): | CHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | HIGH |
| Availability (A): | HIGH |


