Session Cookie Vulnerability in YetiShare by MFScripts
CVE-2019-19739
7.5HIGH
What is CVE-2019-19739?
The YetiShare application, developed by MFScripts, is affected by a security issue where it fails to set the Secure flag on session cookies. This oversight allows these cookies to be transmitted over insecure cleartext channels, potentially exposing sensitive user session data to interception by malicious actors. Users and administrators of YetiShare versions 3.5.2 through 4.5.3 should take immediate action to implement secure cookie settings to mitigate risks associated with this vulnerability.
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved