CVE-2022-39284

CVSS v3 Score
4.3
Medium

Vulnerability Description

CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7, setting the `$secure` or `$httponly` value to `true` in `Config\Cookie` is not reflected in `set_cookie()` or `Response::setCookie()`. As a result, cookie values are erroneously exposed to scripts. This vulnerability does not affect session cookies. Users are advised to upgrade to v4.2.7 or later. Users unable to upgrade are advised to construct their cookies manually, either by setting the options in code or by constructing Cookie objects. Examples of each workaround are available in the linked GHSA.
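
To confirm after an upgrade or workaround that the flags actually reach the client, the `Set-Cookie` headers of a captured response can be audited. The following is an added example, not code from the advisory or from CodeIgniter; the function names, the `exempt` parameter and the sample headers are constructed for illustration.

```python
def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Only the parts after name=value are attributes, so a cookie whose
    # *value* happens to be "secure" is not mistaken for a flagged cookie.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_set_cookie_headers(raw_headers, exempt=()):
    """Return {cookie name: [missing flags]} for cookies lacking Secure or HttpOnly.

    `exempt` (hypothetical parameter) lists cookies that are deliberately
    readable by scripts and should not be reported.
    """
    findings = {}
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if name in exempt:
            continue
        missing = [flag for flag in ("secure", "httponly") if flag not in attrs]
        if missing:
            findings[name] = missing
    return findings


# Constructed sample response headers (not captured from a real application).
SAMPLE_RESPONSE_HEADERS = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Set-Cookie: remember_me=abc123; expires=Thu, 01-Jan-2026 00:00:00 GMT; Max-Age=3600; path=/; SameSite=Lax
Set-Cookie: theme=dark; path=/; secure; HttpOnly; SameSite=Lax
Set-Cookie: prefs=compact; Path=/; Secure
Set-Cookie: flag=secure; path=/
"""

if __name__ == "__main__":
    for cookie, missing in audit_set_cookie_headers(SAMPLE_RESPONSE_HEADERS).items():
        print(f"{cookie}: missing {', '.join(missing)}")
```
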

CVSS:4.3(Medium)

A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from...

CVSS:4.3(Medium)

Improper initialization for the Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via...

CVSS:4.4(Medium)

Improper initialization in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow a privileged user to potentially enable ...

CVSS:4.4(Medium)

Improper initialization in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via...

CVSS:4.4(Medium)

Improper initialization in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, 13.50.11 and 15.0.22 may allow a privileged user ...

CVSS:4.4(Medium)

Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access.