Vulnerability Description
In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is not set. This could cause the user agent to send those cookies in plaintext over an HTTP session, potentially exposing sensitive information. The issue is fixed in version 1.7.0.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpipam | Phpipam | < 1.7.0 |
Related Weaknesses (CWE)
References
- https://github.com/phpipam/phpipam/commit/ddf70ef6801442eb8b0be5eea829e470e653c7 (Patch)
- https://huntr.com/bounties/725bce8f-328f-4fbc-acf5-46ea920cd3c1 (Exploit, Third Party Advisory)
FAQ
What is CVE-2024-10718?
CVE-2024-10718 is a vulnerability with a CVSS score of 7.5 (HIGH). In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is not set. This could cause the user agent to send those cookies in plaintext over an HTTP session, pote...
How severe is CVE-2024-10718?
CVE-2024-10718 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-10718?
Check the references section above for vendor advisories and patch information. Affected products include: Phpipam Phpipam.