GHSA-j224-7qr4-8646

Suggest an improvement
Source
https://github.com/advisories/GHSA-j224-7qr4-8646
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-j224-7qr4-8646/GHSA-j224-7qr4-8646.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-j224-7qr4-8646
Aliases
  • CVE-2019-17104
Published
2022-05-24T16:58:02Z
Modified
2023-11-01T04:50:41.521382Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Centreon Does Not Set HTTPOnly Flag
Details

In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set.

Database specific
{
    "nvd_published_at": "2019-10-08T13:15:00Z",
    "cwe_ids": [
        "CWE-565"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-17T22:14:43Z"
}
References

Affected packages

Packagist / centreon/centreon

Package

Name
centreon/centreon
Purl
pkg:composer/centreon/centreon

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
19.04.3

Affected versions

2.*

2.7.3
2.99.1
2.99.2
2.99.3
2.99.4
2.99.5

18.*

18.10.6
18.10.7
18.10.8
18.10.9
18.10.10
18.10.11
18.10.12

19.*

19.04.2
19.04.3