CVE-2022-38846

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-38846

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-38846.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-38846

Aliases

BIT-espocrm-2022-38846

Published

2022-09-16T13:15:24Z

Modified

2026-05-15T04:05:04.713691762Z

Summary

[none]

Details

EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP). An attacker may capture the cookie from the insecure channel using MITM attack.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/38xxx/CVE-2022-38846.json",
    "cna_assigner": "mitre"
}

References

https://medium.com/cybersecurity-valuelabs/espocrm-7-1-8-is-vulnerable-to-missing-secure-flag-1664bac5ffe4
https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/38xxx/CVE-2022-38846.json
https://nvd.nist.gov/vuln/detail/CVE-2022-38846

CVE-2022-38846

Affected packages