Description
In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes.
References (3)
Core 3
Core References
Permissions Required x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1221882
Patch, Third Party Advisory x_refsource_misc
https://github.com/openshift/origin/pull/2261
Third Party Advisory x_refsource_misc
https://github.com/openshift/origin/pull/2291
Scores
CVSS v3
5.3
EPSS
0.0020
EPSS Percentile
42.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-614
CWE-311
Status
published
Products (2)
openshift/origin
3.0.0
openshift/origin
0 - 1.0.0Go
Published
Jul 07, 2022
Tracked Since
Feb 18, 2026