CVE-2020-26955

MEDIUM Year: 2020
CVSS v3 Score
6.5
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-565
View all →

Vulnerability Description

When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain, regardless of whether the original and subsequent request were in private and non-private browsing modes. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83.

Related Vulnerabilities

CVE-2021-29624

MEDIUM
CVSS:6.5(Medium)

fastify-csrf is an open-source plugin helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf prior to 3.1.0 have a "double submit" mechanism using cookies with an...

CWE-5652021

CVE-2022-1148

MEDIUM
CVSS:6.5(Medium)

Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to steal a user's...

CWE-5652022

CVE-2022-2615

MEDIUM
CVSS:6.5(Medium)

Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CWE-5652022

CVE-2017-8034

MEDIUM
CVSS:6.6(Medium)

The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer...

CWE-5652017

CVE-2020-15128

MEDIUM
CVSS:6.3(Medium)

In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. This meant that certain classes of attacks that took advantage of other the...

CWE-5652020

CVE-2021-3818

MEDIUM
CVSS:6.3(Medium)

grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking

CWE-5652021