Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in instantsoft/icms2
CVE-2023-4654

2.6LOW

Key Information:

Vendor: Instantsoft
Status: Instantsoft/icms2
Vendor: CVE Published:; 31 August 2023

🔔 Create Instantsoft Vulnerability Alert

What is CVE-2023-4654?

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

instantsoft/icms2 < 2.16.1

References

https://huntr.dev/bounties/56432a75-af43-4b1a-9307-bd8de5...

https://github.com/instantsoft/icms2/commit/ca5f150da11d9...

CVSS V3.1

Score:

2.6

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 31, 2023
Vulnerability Reserved
Aug 31, 2023

JSON

Instantsoft