CVE-2024-58317

Kentico Xperience <= 13.0.164 Cookie Security Configuration

CVSS 6.9 MEDIUMEPSS 0.2%CWE-614

A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session security and authentication state.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

Kentico · Xperience

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://devnet.kentico.com/download/hotfixes https://www.vulncheck.com/advisories/kentico-xperience-cookie-security-configuration