CVE Catalog

CVE-2023-4654

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

20th percentile — higher than 20% of all known CVEs

Summary

In the GitHub repository instantsoft/icms2 prior to version 2.16.1, there is a vulnerability related to a sensitive cookie in an HTTPS session that lacks the 'Secure' attribute.

Risk Assessment

The absence of the 'Secure' attribute in cookies may allow attackers to intercept them, jeopardizing the confidentiality of user data.

Recommendation

It is recommended to upgrade to version 2.16.1 or later and ensure that all sensitive cookies have the 'Secure' attribute set.

Original NVD description (English source)

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS