EspoCRM Vulnerability due to Missing Secure Flag
CVE-2022-38846

5.9MEDIUM

Key Information:

Vendor: Espocrm
Status: Espocrm
Vendor: CVE Published:; 16 September 2022

What is CVE-2022-38846?

EspoCRM version 7.1.8 contains a vulnerability related to the Missing Secure Flag, allowing browsers to transmit cookies over unsecured channels. This flaw can be exploited by an attacker using a Man-in-the-Middle (MITM) attack to intercept sensitive cookie information. It raises significant security concerns, as plain text cookies may expose user sessions and sensitive information to unauthorized access.

References

https://medium.com/cybersecurity-valuelabs/espocrm-7-1-8-...

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2022
Vulnerability Reserved
Aug 29, 2022

Espocrm

What is CVE-2022-38846?

References

CVSS V3.1

Timeline