CVE-2022-38846

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-38846

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-38846.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-38846

Aliases

BIT-espocrm-2022-38846

Published

2022-09-16T14:15:09Z

Modified

2025-01-14T11:09:22.883683Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP). An attacker may capture the cookie from the insecure channel using MITM attack.

References

https://medium.com/cybersecurity-valuelabs/espocrm-7-1-8-is-vulnerable-to-missing-secure-flag-1664bac5ffe4

Affected packages

Git / github.com/espocrm/espocrm

Affected ranges

Type: GIT
Repo: https://github.com/espocrm/espocrm
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

8ec6fa0f52aab91e9109bc91a7687929a858ff6d

Affected versions

1.*

1.0.0

1.0.1

1.1.0

1.1.1

1.1.2

1.2.0

1.2.1

2.*

2.0.0

2.0.1

2.1.0

2.2.0

2.3.0

2.4.0

2.5.0

2.5.1

2.5.2

2.6.0

2.7.0

2.7.1

2.7.2

2.8.0

2.8.1

2.9.0

2.9.1

2.9.2

3.*

3.0.0

3.0.1

3.1.0

3.1.1

3.2.0

3.2.1

3.2.2

3.3.0

3.4.0

3.4.1

3.4.2

3.5.0

3.5.1

3.5.2

3.6.0

3.6.1

3.6.2

3.7.0

3.7.1

3.7.2

3.7.3

3.7.4

3.8.0

3.9.0

3.9.1

3.9.2

4.*

4.0.0

4.0.0-beta.1

4.0.0-beta.2

4.0.0-beta.3

4.0.0-beta.4

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.1.0

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6

4.2.0

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.2.6

4.2.7

4.3.0

4.3.0-beta.1

4.3.0-beta.2

4.3.1

4.4.0

4.4.1

4.5.0

4.5.1

4.6.0

4.7.0

4.7.1

4.7.2

4.8.0

4.8.1

4.8.2

4.8.3

4.8.4

5.*

5.0.0

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.1.0

5.1.1

5.1.2

5.2.0

5.2.1

5.2.2

5.2.3

5.2.4

5.2.5

5.3.0

5.3.1

5.3.2

5.3.3

5.3.4

5.3.5

5.3.6

5.4.0

5.4.1

5.4.2

5.4.3

5.4.4

5.4.5

5.5.0

5.5.1

5.5.2

5.5.3

5.5.4

5.5.5

5.5.6

5.6.0

5.6.1

5.6.10

5.6.11

5.6.12

5.6.13

5.6.14

5.6.2

5.6.3

5.6.4

5.6.5

5.6.6

5.6.7

5.6.8

5.6.9

5.7.0

5.7.1

5.7.10

5.7.11

5.7.2

5.7.3

5.7.4

5.7.5

5.7.6

5.7.7

5.7.8

5.7.9

5.8.0

5.8.1

5.8.2

5.8.3

5.8.4

5.8.5

5.9.0

5.9.1

5.9.2

5.9.3

5.9.4

6.*

6.0.0

6.0.0-beta1

6.0.0-beta2

6.0.0-beta3

6.0.0-beta4

6.0.1

6.0.10

6.0.2

6.0.3

6.0.4

6.0.5

6.0.6

6.0.7

6.0.8

6.0.9

6.1.0

6.1.1

6.1.10

6.1.2

6.1.3

6.1.4

6.1.5

6.1.6

6.1.7

6.1.8

6.1.9

7.*

7.0.0

7.0.1

7.0.10

7.0.2

7.0.3

7.0.4

7.0.5

7.0.6

7.0.7

7.0.8

7.0.9

7.1.0

7.1.1

7.1.2

7.1.3

7.1.4

7.1.5

7.1.6

7.1.7

7.1.8