CVE-2017-1000046
Published 2017-07-17
CVE-2017-1000046: Mautic 2.6.1 and earlier fails to set flags on session cookies
Priority P430, high, 7.5 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 1.11% (61.7th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mautic | core | >= 0 < 2.1.1 | 2.1.1 |
| mautic | mautic | <= 2.6.1 | — |
CVSS provenance
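| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |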
GHSA
ghsa · 2022-05-13
CVE-2017-1000046 [HIGH] CWE-614 Sensitive Cookie Without HttpOnly and Secure Flag
Mautic prior to 2.1.1 fails to set flags on session cookies
OSV
osv · 2022-05-13
CVE-2017-1000046 [HIGH] Sensitive Cookie Without HttpOnly and Secure Flag
Mautic prior to 2.1.1 fails to set flags on session cookies
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2017-07-17