WS-2013-0249

Date: December 21, 2013

Overview

Ghost CMS before version v0.4.0 does not set the secure flag for a sensitive cookie in an HTTPS session.

Details

Ghost CMS before version v0.4.0 does not set the secure flag for a sensitive cookie in an HTTPS session, which can allow the cookie to be transmitted in plain text over an unencrypted channel.
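
One way to check for this condition is to inspect the Set-Cookie headers returned over HTTPS and report sensitive cookies that lack the Secure attribute. This is an added example, not code from Ghost or from this advisory; the cookie names, header values and function names are constructed for illustration.

```javascript
// Added example: audit Set-Cookie response headers for a missing Secure attribute.
// Cookie names and header values below are constructed samples, not Ghost's own.

// Parse one Set-Cookie header value into a cookie name and a lowercase attribute map.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const first = parts[0] || '';
  const eq = first.indexOf('=');
  const name = eq === -1 ? first : first.slice(0, eq).trim();
  const attrs = Object.create(null);
  for (const part of parts.slice(1)) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? '' : part.slice(i + 1).trim();
  }
  return { name, attrs };
}

// Return the names of sensitive cookies that were set without Secure.
// Attribute names are case-insensitive, and only the attribute list is inspected,
// so a cookie whose value happens to be "secure" is not mistaken for a flagged one.
function findCookiesMissingSecure(setCookieHeaders, sensitiveNames) {
  const sensitive = new Set(sensitiveNames);
  const missing = [];
  for (const header of setCookieHeaders) {
    const { name, attrs } = parseSetCookie(header);
    if (sensitive.has(name) && !('secure' in attrs)) {
      missing.push(name);
    }
  }
  return missing;
}

// Constructed Set-Cookie values as they might be captured from an HTTPS response.
const withoutSecure = [
  'session_id=s%3Aabc123; Path=/; HttpOnly',
  'theme=secure; Path=/',
];
const withSecure = [
  'session_id=s%3Aabc123; Path=/; HttpOnly; SECURE',
  'theme=secure; Path=/',
];

console.log(findCookiesMissingSecure(withoutSecure, ['session_id'])); // [ 'session_id' ]
console.log(findCookiesMissingSecure(withSecure, ['session_id']));    // []
```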

Affected Environments

Ghost CMS before version v0.4.0

Prevention

Upgrade to Ghost CMS version 0.4.0

Language: JS

Good to know:

Missing Encryption of Sensitive Data

CWE-311

Upgrade Version

Upgrade to version 0.4.0

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): Low
Integrity (I): None
Availability (A): None