Main Vulnerability Database Vulnerabilities #VU24903

#VU24903 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in Account

Published: February 4, 2020

Vulnerability identifier: #VU24903

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID:

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Account

Software vendor:
JetBrains s.r.o.

Description

The vulnerability allows a remote attacker to gain access to sensitive information on the target system.

The vulnerability exists due to the affected software does not set the secure attribute on authorization tokens or session cookies. A remote attacker can intercept the transmission and obtain information from the cookie in clear text.

Remediation

Install updates from vendor's website.

External links

https://blog.jetbrains.com/blog/2020/01/24/jetbrains-security-bulletin-q4-2019/

#VU24903 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in Account

Description

Remediation

External links

Please verify you're human