Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1yM2pxLTRyNWMtajlocM4AA--m
Taipy has a Session Cookie without Secure and HTTPOnly flags
Summary
The session cookie is set without the Secure and HttpOnly flags.
Details
Please take a look at this part of the code (PoC screenshot) or check the code directly (the location is given in the Occurrences section below).
Occurrences:
https://github.com/Avaiga/taipy/blob/develop/frontend/taipy-gui/src/components/Taipy/Navigate.tsx#L67
Proposed remediation: add the Secure and HttpOnly flags to the cookie.
It could be like this:
// Note: a cookie written from document.cookie with the HttpOnly attribute is rejected by browsers (RFC 6265 ignores HttpOnly cookies from non-HTTP APIs), so HttpOnly can only take effect when the cookie is set by the server in a Set-Cookie response header.
document.cookie = `tprh=${tprh};path=/;Secure;HttpOnly;`;
PoC
Screenshot:
Impact
Secure: This flag indicates that the cookie should only be sent over secure HTTPS connections. Without this flag, the cookie will be sent over both HTTP and HTTPS connections, which could expose it to interception or tampering if the connection is not secure.
HttpOnly: This flag prevents the cookie from being accessed by client-side JavaScript. It helps mitigate certain types of attacks, such as cross-site scripting (XSS), by preventing malicious scripts from accessing the cookie's value.
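The check below is an added example, not code from the advisory or from the Taipy project: it parses Set-Cookie header values, reports which of the two attributes discussed above are missing (matching attribute names case-insensitively, as RFC 6265 requires), and builds a correctly flagged header for a session token. The cookie name `tprh` is taken from the advisory; the token value and sample headers are constructed. Because HttpOnly is only honoured when the cookie arrives in a Set-Cookie response header, the hardened form is shown server-side rather than via document.cookie.

```python
"""Audit Set-Cookie header values for the Secure and HttpOnly attributes."""

# Attributes a session cookie must carry (compared case-insensitively).
REQUIRED_ATTRIBUTES = ("secure", "httponly")


def parse_set_cookie(set_cookie: str) -> dict:
    """Split one Set-Cookie value into the cookie name and its attribute names.

    The first segment is name=value; later segments are attributes such as
    Path=/, Secure, HttpOnly or SameSite=Lax. Attribute names are lower-cased
    so that 'HttpOnly', 'httponly' and 'HTTPONLY' all match.
    """
    segments = [s.strip() for s in set_cookie.split(";")]
    name = segments[0].split("=", 1)[0].strip()
    attrs = {s.split("=", 1)[0].strip().lower() for s in segments[1:] if s}
    return {"name": name, "attributes": attrs}


def missing_flags(set_cookie: str) -> list:
    """Return the required attributes that this Set-Cookie value lacks."""
    present = parse_set_cookie(set_cookie)["attributes"]
    return [flag for flag in REQUIRED_ATTRIBUTES if flag not in present]


def build_session_cookie(name: str, value: str, path: str = "/") -> str:
    """Build a Set-Cookie value for a session token with both flags set.

    SameSite=Lax is added as a sensible default for a session cookie; it is
    an assumption of this example, not something the advisory specifies.
    """
    return f"{name}={value}; Path={path}; Secure; HttpOnly; SameSite=Lax"


def audit(headers: list) -> dict:
    """Map each cookie name to the list of flags its Set-Cookie value lacks."""
    return {parse_set_cookie(h)["name"]: missing_flags(h) for h in headers}


# Constructed sample headers: the first mirrors the advisory's finding
# (a path-only cookie), the second is partially fixed, the third is hardened.
SAMPLE_HEADERS = [
    "tprh=example-token; path=/",
    "tprh=example-token; path=/; Secure",
    build_session_cookie("tprh", "example-token"),
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(f"{header!r} -> missing {missing_flags(header)}")
```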
References
CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute - https://cwe.mitre.org/data/definitions/614.html
CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag - https://cwe.mitre.org/data/definitions/1004.html
OWASP - Secure Cookie Attribute - https://owasp.org/www-community/controls/SecureCookieAttribute
Cookie security flags - https://www.invicti.com/learn/cookie-security-flags/
Cookie lacks Secure flag - https://support.detectify.com/support/solutions/articles/48001048982-cookie-lack-secure-flag
Other:
Encrypting the Web (EFF) - https://www.eff.org/encrypt-the-web
Update (required advisory information) - added severity and an additional resource:
TLS cookie without secure flag set (PortSwigger) - https://portswigger.net/kb/issues/00500200_tls-cookie-without-secure-flag-set
Best regards,
Permalink: https://github.com/advisories/GHSA-r3jq-4r5c-j9hp
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yM2pxLTRyNWMtajlocM4AA--m
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 3 months ago
Updated: about 1 month ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Identifiers: GHSA-r3jq-4r5c-j9hp, CVE-2024-47833
References:
- https://github.com/Avaiga/taipy/security/advisories/GHSA-r3jq-4r5c-j9hp
- https://github.com/Avaiga/taipy/blob/develop/frontend/taipy-gui/src/components/Taipy/Navigate.tsx#L67
- https://nvd.nist.gov/vuln/detail/CVE-2024-47833
- https://github.com/advisories/GHSA-r3jq-4r5c-j9hp
Blast Radius: 3.9
Affected Packages
pypi:taipy
Dependent packages: 2
Dependent repositories: 4
Downloads: 8,573 last month
Affected Version Ranges: <= 3.1.1
Fixed in: 4.0.0
All affected versions: 1.0.0, 1.1.0, 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.4.0, 3.0.0, 3.1.0, 3.1.1
All unaffected versions: 4.0.0, 4.0.1