CVE-2024-44575
LowCVSS 3.7Exploitation Probability (EPSS)
Low risk17th percentile — higher than 17% of all known CVEs
Summary
The vulnerability in RELY-PCIe versions v22.2.1 to v23.1.0 fails to set the Secure attribute for sensitive cookies in HTTPS sessions. This could cause the user agent to send those cookies in cleartext over an unencrypted HTTP session.
Risk Assessment
The risk involves potential interception of sensitive authentication or session data by an attacker during transmission over an unencrypted HTTP connection, which could lead to unauthorized system access.
Recommendation
Immediately upgrade RELY-PCIe to a version later than v23.1.0 that includes a fix enforcing the Secure attribute for all sensitive cookies in HTTPS sessions.
Original NVD description (English source)
RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session.

