Vulnerabilities > CVE-2019-25091 - Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Nsupdate Nsupdate.Info

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

nsupdate

CWE-1004

NVD

Published: 2022-12-27

Updated: 2024-04-11

Summary

A vulnerability classified as problematic has been found in nsupdate.info. This affects an unknown part of the file src/nsupdate/settings/base.py of the component CSRF Cookie Handler. The manipulation of the argument CSRF_COOKIE_HTTPONLY leads to cookie without 'httponly' flag. It is possible to initiate the attack remotely. The name of the patch is 60a3fe559c453bc36b0ec3e5dd39c1303640a59a. It is recommended to apply a patch to fix this issue. The identifier VDB-216909 was assigned to this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Nsupdate Nsupdate Nsupdate.Info - Nsupdate Nsupdate.Info 0.2.0 Nsupdate Nsupdate.Info 0.3.0 Nsupdate Nsupdate.Info 0.4.0 Nsupdate Nsupdate.Info 0.5.0 Nsupdate Nsupdate.Info 0.6.0 Nsupdate Nsupdate.Info 0.7.0 Nsupdate Nsupdate.Info 0.8.0 Nsupdate Nsupdate.Info 0.9.0 Nsupdate Nsupdate.Info 0.9.1 Nsupdate Nsupdate.Info 0.10.0 Nsupdate Nsupdate.Info 0.11.0 Nsupdate Nsupdate.Info 0.12.0	13

Common Weakness Enumeration (CWE)

CWE-1004 - Sensitive Cookie Without 'HttpOnly' Flag

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References