Session Cookie Vulnerability in Cerebrate by Cerebrate Project
CVE-2023-41908

5.3MEDIUM

Key Information:

Vendor: Cerebrate-project
Status: Cerebrate
Vendor: CVE Published:; 5 September 2023

🔔 Create Cerebrate-project Vulnerability Alert

What is CVE-2023-41908?

Cerebrate versions prior to 1.15 are vulnerable to a security flaw wherein the session cookie lacks the Secure attribute. This oversight can potentially expose users to session hijacking attacks, as the cookie may be transmitted over unencrypted connections. It is crucial for users of affected versions to upgrade to 1.15 or later to mitigate this risk and ensure enhanced session security.

References

https://github.com/cerebrate-project/cerebrate/commit/9be...

https://github.com/cerebrate-project/cerebrate/compare/v1...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2023
Vulnerability Reserved
Sep 5, 2023

CVE-2023-41908 Data

JSON