CVE Catalog

CVE-2024-44575

LowCVSS 3.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

17th percentile — higher than 17% of all known CVEs

Summary

The vulnerability in RELY-PCIe versions v22.2.1 to v23.1.0 fails to set the Secure attribute for sensitive cookies in HTTPS sessions. This could cause the user agent to send those cookies in cleartext over an unencrypted HTTP session.

Risk Assessment

The risk involves potential interception of sensitive authentication or session data by an attacker during transmission over an unencrypted HTTP connection, which could lead to unauthorized system access.

Recommendation

Immediately upgrade RELY-PCIe to a version later than v23.1.0 that includes a fix enforcing the Secure attribute for all sensitive cookies in HTTPS sessions.

Original NVD description (English source)

RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS