Session Cookie Vulnerability in Mautic by Mautic Inc.
CVE-2017-1000046
7.5 HIGH
What is CVE-2017-1000046?
Mautic versions up to 2.6.1 manage session cookies improperly. The necessary flags are not set on the cookies, which leaves them easily accessible to malicious actors and allows for potential session hijacking. Without adequate cookie security attributes, user sessions may be compromised, exposing sensitive user data and increasing the risk of unauthorized access.
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
