Cleartext Storage of Sensitive Information in a CookieCWE-315
| CVE ID | CVSS | Vendor | Exploit | Patch | Trends |
|---|---|---|---|---|---|
CVE-2024-8644Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, : JSON Hijacking (aka JavaScript Hijacking).This issue affects ValeApp: before v2.0.0. | CVSS 7.5 | - | - |  | |
CVE-2024-4540A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability. | CVSS 7.5 | Keycloak, et al | - | Patched |  |
CVE-2024-41290FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component. | CVSS 8.1 | Flatpress | - | - |  |
CVE-2024-247681Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6.
| CVSS 7.5 | Fit2cloud | - | Patched |  |
CVE-2021-34564Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9. | CVSS 5.5 | Pepperl-fuchs | - | - |  |
CVE-2018-19941A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.2.1379 build 20200730 (and later) | CVSS 7.5 | Qnap | - | Patched |  |