
Macaron csrf csrf.go Generate missing secure attribute

A vulnerability classified as problematic was found in Macaron csrf. It affects some unknown functionality of the file csrf.go. Manipulation of the argument Generate leads to a sensitive cookie without the secure attribute. The problem is classified as CWE-614. The weakness was presented 12/30/2022 as dadd1711a617000b70e5e408a76531b73187031c. The advisory is available at github.com. This vulnerability is handled as CVE-2018-25060. The attack may be launched remotely. Technical details are available. There is no exploit available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. The MITRE ATT&CK project assigns this vulnerability to T1539. It is declared as not defined. As a 0-day, the estimated underground price was around $0-$5k. The patch is identified as dadd1711a617000b70e5e408a76531b73187031c. The bugfix is ready for download at github.com. It is recommended to apply a patch to fix this issue.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single items and item collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Prioritizing items becomes possible.

User

VulDB Mod Team: 71

Field

cvss3_meta_tempscore: 2
cvss3_meta_basescore: 2
cvss3_cna_basescore: 1
cvss3_nvd_basescore: 1
cvss2_nvd_basescore: 1

Commit Conf

90%: 35
70%: 26
50%: 10

Approve Conf

90%: 35
70%: 26
80%: 10

71 Commits

| ID | Committed | User | Field | Change | Remarks | Moderation | Response | C |
|---|---|---|---|---|---|---|---|---|
| 13584076 | 01/26/2023 | VulDB… | cvss3_cna_basescore | 3.7 | see CVSS documentation | 01/26/2023 | accepted | 90 |
| 13584075 | 01/26/2023 | VulDB… | cvss3_nvd_basescore | 7.5 | nist.gov | 01/26/2023 | accepted | 90 |
| 13584074 | 01/26/2023 | VulDB… | cvss2_nvd_basescore | 2.6 | nist.gov | 01/26/2023 | accepted | 90 |
| 13584073 | 01/26/2023 | VulDB… | cvss3_meta_tempscore | 4.9 | see CVSS documentation | 01/26/2023 | accepted | 90 |
| 13584072 | 01/26/2023 | VulDB… | cvss3_meta_basescore | 5.0 | see CVSS documentation | 01/26/2023 | accepted | 90 |
| 13584071 | 01/26/2023 | VulDB… | cve_cna | VulDB | nvd.nist.gov | 01/26/2023 | accepted | 70 |
| 13584070 | 01/26/2023 | VulDB… | cvss3_cna_a | N | nvd.nist.gov | 01/26/2023 | accepted | 70 |
| 13584069 | 01/26/2023 | VulDB… | cvss3_cna_i | N | nvd.nist.gov | 01/26/2023 | accepted | 70 |
| 13584068 | 01/26/2023 | VulDB… | cvss3_cna_c | L | nvd.nist.gov | 01/26/2023 | accepted | 70 |
| 13584067 | 01/26/2023 | VulDB… | cvss3_cna_s | U | nvd.nist.gov | 01/26/2023 | accepted | 70 |
| 13584066 | 01/26/2023 | VulDB… | cvss3_cna_ui | N | nvd.nist.gov | 01/26/2023 | accepted | 70 |
| 13584065 | 01/26/2023 | VulDB… | cvss3_cna_pr | N | nvd.nist.gov | 01/26/2023 | accepted | 70 |
| 13584064 | 01/26/2023 | VulDB… | cvss3_cna_ac | H | nvd.nist.gov | 01/26/2023 | accepted | 70 |
| 13584063 | 01/26/2023 | VulDB… | cvss3_cna_av | N | nvd.nist.gov | 01/26/2023 | accepted | 70 |
| 13584062 | 01/26/2023 | VulDB… | cvss2_nvd_ai | N | nvd.nist.gov | 01/26/2023 | accepted | 70 |
| 13584061 | 01/26/2023 | VulDB… | cvss2_nvd_ii | N | nvd.nist.gov | 01/26/2023 | accepted | 70 |
| 13584060 | 01/26/2023 | VulDB… | cvss2_nvd_ci | P | nvd.nist.gov | 01/26/2023 | accepted | 70 |
| 13584059 | 01/26/2023 | VulDB… | cvss2_nvd_au | N | nvd.nist.gov | 01/26/2023 | accepted | 70 |
| 13584058 | 01/26/2023 | VulDB… | cvss2_nvd_ac | H | nvd.nist.gov | 01/26/2023 | accepted | 70 |
| 13584057 | 01/26/2023 | VulDB… | cvss2_nvd_av | N | nvd.nist.gov | 01/26/2023 | accepted | 70 |

51 more entries are not shown
