CVE-2024-0349

EPSS 0.05%
Veröffentlicht 09.01.2024 23:15:09
Zuletzt bearbeitet 21.11.2024 08:46:22
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-250117 was assigned to this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Engineers Online Portal Project ≫ Engineers Online Portal Version1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.146

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cna@vuldb.com	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
cna@vuldb.com	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:P/I:N/A:N

CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.

https://mega.nz/file/TU1X3TIQ#7bPvxEP0KrdoDZVg-dqinNC5fEQrG5uu58jWzPGh904

Third Party Advisory

https://vuldb.com/?ctiid.250117

Third Party Advisory

Permissions Required

https://vuldb.com/?id.250117

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-0349

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0349

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0349

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-0349