CVE-2024-43180

Source
https://cve.org/CVERecord?id=CVE-2024-43180
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43180.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-43180
Published
2024-09-13T02:15:01.887Z
Modified
2026-04-02T12:18:02.803448Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
[none]
Details

IBM Concert 1.0 does not set the Secure attribute on authorization tokens or session cookies. An attacker may be able to obtain the cookie values by sending an http:// link to a user or by planting such a link on a site the user visits. The browser sends the cookie with the request to the insecure link, and the attacker can then obtain the cookie value by snooping the traffic.
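
A defensive check for the condition described above, as an added example (not code from IBM or from this record): it parses Set-Cookie header values and lists the cookies that lack the Secure attribute, which a browser will therefore also attach to plain http:// requests. The cookie names, the sample headers and the name-matching heuristic are constructed assumptions.

```python
# Added example: audit Set-Cookie headers for a missing Secure attribute.
# Cookie names and header values are constructed, not taken from IBM Concert.
import re

# Assumed heuristic for cookie names that carry authentication state.
SENSITIVE_NAME = re.compile(r"(sess|token|auth|jwt|sid)", re.IGNORECASE)


def parse_set_cookie(header_value):
    """Return (name, attribute-dict) for one Set-Cookie header value."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:  # attributes follow the first name=value pair
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), attrs


def audit_cookies(set_cookie_values):
    """List cookies that a browser would also send over plain http://."""
    findings = []
    for raw in set_cookie_values:
        name, attrs = parse_set_cookie(raw)
        if "secure" in attrs:
            continue  # browser restricts this cookie to https:// requests
        findings.append({
            "cookie": name,
            "sensitive": bool(SENSITIVE_NAME.search(name)),
        })
    return findings


# Constructed response headers for illustration.
SAMPLE_HEADERS = [
    "SESSIONID=abc123; Path=/; HttpOnly",
    "access_token=eyJhbGciOi; Path=/; HttpOnly; SameSite=Lax; Secure",
    "theme=dark; Path=/",
    "csrf_sid=9f8e7d; Path=/; secure",
]

if __name__ == "__main__":
    for f in audit_cookies(SAMPLE_HEADERS):
        level = "HIGH" if f["sensitive"] else "info"
        print(f"[{level}] {f['cookie']}: Secure attribute missing")
```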

References

Affected packages

Git / github.com/ibm/concert

Affected ranges

Type
GIT
Repo
https://github.com/ibm/concert
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43180.json"