← volver
CVE-2022-32777

CVE-2022-32777

CVSS 7.5 HIGHEPSS 2.0%CWE-732
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.5EPSS 2.0%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
22 ago 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses the secure flag, which allows the session cookie to be leaked over non-HTTPS connections. This could allow an attacker to steal the session cookie via crafted HTTP requests.This vulnerabilty is for the session cookie which can be leaked via JavaScript.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Productos afectados
WWBN · AVideo

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sqlhttps://talosintelligence.com/vulnerability_reports/TALOS-2022-1542