Description
Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain.
Remediation
References
http://www.securityfocus.com/bid/106768
https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979%40%3Cannounce.guacamole.apache.org%3E