Main Vulnerability Database Vulnerabilities #VU24903

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in Account - #VU24903

Published: February 4, 2020

Vulnerability identifier: #VU24903

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID:

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: JetBrains s.r.o.

Affected software:
Account

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to sensitive information on the target system.

The vulnerability exists due to the affected software does not set the secure attribute on authorization tokens or session cookies. A remote attacker can intercept the transmission and obtain information from the cookie in clear text.

Remediation

Install updates from vendor's website.

Sources

https://blog.jetbrains.com/blog/2020/01/24/jetbrains-security-bulletin-q4-2019/

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in Account - #VU24903

Detailed vulnerability description

Remediation

Sources

Please verify you're human