Sensitive Cookie Without 'HttpOnly' Flag in pi-hole/adminlte
CVE-2021-3706

7.4HIGH

Key Information:

Vendor: Pi-hole
Status: Pi-hole/adminlte
Vendor: CVE Published:; 15 September 2021

🔔 Create Pi-hole Vulnerability Alert

What is CVE-2021-3706?

adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag

Affected Version(s)

pi-hole/adminlte < 5.6

References

https://huntr.dev/bounties/ac7fd77b-b31b-4d02-aebd-f89ecb...

x_refsource_CONFIRM

https://github.com/pi-hole/adminlte/commit/cf8602eedd4a31...

x_refsource_MISC

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 15, 2021
Vulnerability Reserved
Aug 13, 2021

.