CVE-2018-25060

HIGH Year: 2018
CVSS v3 Score
7.5
High
CVSS v2 Score
2.6
Low
Weakness Type
CWE-614
View all →

Vulnerability Description

A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as dadd1711a617000b70e5e408a76531b73187031c. It is recommended to apply a patch to fix this issue. VDB-217058 is the identifier assigned to this vulnerability.

Related Vulnerabilities

CVE-2022-25151

HIGH
CVSS:7.5(High)

Within the Service Desk module of the ITarian platform (SAAS and on-premise), a remote attacker can obtain sensitive information, caused by the failure to set the HTTP Only flag. A remote attacker cou...

CWE-6142022

CVE-2022-3174

HIGH
CVSS:7.5(High)

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2.

CWE-6142022

CVE-2022-3251

HIGH
CVSS:7.5(High)

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca prior to 4.2.2.

CWE-6142022

CVE-2024-2493

HIGH
CVSS:7.5(High)

Session Hijacking vulnerability in Hitachi Ops Center Analyzer.This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.1-00.

CWE-6142024

CVE-2020-27651

HIGH
CVSS:8.1(High)

Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepti...

CWE-6142020

CVE-2025-24390

MEDIUM
CVSS:6.8(Medium)

A vulnerability in OTRS Application Server and reverse proxy settings allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. This issue affects: * OTRS 7.0...

CWE-6142025