Fluid Attacks Database

Description

rdiffweb vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute rdiffweb version 2.4.1 is vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute. This makes it so that a user's cookies can be sent to the server with an unencrypted request over the HTTP protocol. Version 2.4.2 contains a fix for the issue.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
pypi	rdiffweb	=2.4.1 \|\| >=2.4.1 <2.4.2	2.4.2

Aliases

1. CVE-2022-31742. NVD-2022-31743. OSV-2022-31744. GHSA-mjw4-xvx6-3grg5. GCVE-2022-3174

References

1. https://github.com/ikus060/rdiffweb/commit/f2de2371c5e13ce1c6fd6f9a1ed3e5d46b93cd7e2. https://github.com/pypa/advisory-database/tree/main/vulns/rdiffweb/PYSEC-2022-271.yaml3. https://huntr.dev/bounties/d8a32bd6-c76d-4140-a5ca-ef368a3058ce

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.