CVE-2022-3251: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ikus060/minarca
First published: Wed Sep 21 2022(Updated: )
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca prior to 4.2.2.
Credit: security@huntr.dev
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ikus-soft Minarca | <4.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-3251?
CVE-2022-3251 is a vulnerability that allows an attacker to intercept sensitive information contained in an HTTPS session due to the absence of the 'Secure' attribute on a cookie.
What is the severity of CVE-2022-3251?
CVE-2022-3251 has a severity rating of 5.3 (high).
Which software version is affected by CVE-2022-3251?
Versions up to and exclusive of 4.2.2 of Ikus-soft Minarca are affected by CVE-2022-3251.
How can I fix CVE-2022-3251?
To fix CVE-2022-3251, update your Ikus-soft Minarca installation to version 4.2.2 or newer and ensure that the 'Secure' attribute is enabled for all applicable cookies.
Are there any additional references for CVE-2022-3251?
Additional references for CVE-2022-3251 can be found at the following URLs: [GitHub commit](https://github.com/ikus060/minarca/commit/7b5c7e6cbd59268d5cd4f1b5f42e721db116f71a), [Huntr bounty information](https://huntr.dev/bounties/b9a1b411-060b-4235-9426-e39bd0a1d6d9)
- collector/nvd-index
- agent/references
- agent/weakness
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/title
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/event
- agent/first-publish-date
- agent/description
- vendor/ikus-soft
- canonical/ikus-soft minarca