Session Cookie Vulnerability in Mautic by Mautic Inc.
CVE-2017-1000046

7.5 HIGH

Key Information:

Vendor: Mautic

Status
Vendor
CVE Published: 13 July 2017

What is CVE-2017-1000046?

Mautic versions up to 2.6.1 are susceptible to a vulnerability in how session cookies are managed. The necessary flags are not set on these cookies, which makes them easily accessible to malicious actors and allows for potential session hijacking. Without adequate cookie security attributes, user sessions may be compromised, exposing sensitive user data and increasing the risk of unauthorized access.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved