BIT-espocrm-2022-38846

Import Source
https://github.com/bitnami/vulndb/tree/main/data/espocrm/BIT-espocrm-2022-38846.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-espocrm-2022-38846
Aliases
Published
2024-03-06T10:52:14.680Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

EspoCRM version 7.1.8 is missing the Secure flag on its cookies, which allows the browser to send them in plain text over an insecure channel (HTTP). An attacker may capture the cookie from the insecure channel using a man-in-the-middle (MITM) attack.

Database specific
{
    "cpes": [
        "cpe:2.3:a:espocrm:espocrm:7.1.8:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / espocrm

Package

Name
espocrm
Purl
pkg:bitnami/espocrm

Severity

  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected ranges

Type
SEMVER
Events
Introduced
7.1.8
Last affected
7.1.8