{"id":"CVE-2023-3520","summary":"Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in it-novum/openitcockpit","details":"Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6.","modified":"2026-04-11T12:45:20.527998Z","published":"2023-07-06T00:00:20.096Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3520.json","cwe_ids":["CWE-614"],"cna_assigner":"@huntrdev"},"references":[{"type":"WEB","url":"https://huntr.dev/bounties/f3b277bb-91db-419e-bcc4-fe0b055d2551"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3520.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3520"},{"type":"FIX","url":"https://github.com/it-novum/openitcockpit/commit/6c717f3c352e55257fc3fef2c5dec111f7d2ee6b"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openITCOCKPIT/openITCOCKPIT","events":[{"introduced":"0"},{"fixed":"b86f21bd4c725c8f02eaadf4c24e3d1ed586fc50"}],"database_specific":{"cpe":"cpe:2.3:a:it-novum:openitcockpit:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"4.6.6"}]}}],"versions":["openITCOCKPIT-3.0.10","openITCOCKPIT-3.0.10-10","openITCOCKPIT-3.0.10-5","openITCOCKPIT-3.0.10-6","openITCOCKPIT-3.0.11-4","openITCOCKPIT-3.0.11-6","openITCOCKPIT-3.0.4","openITCOCKPIT-3.0.6-1","openITCOCKPIT-3.0.7","openITCOCKPIT-3.0.8","openITCOCKPIT-3.0.8-2","openITCOCKPIT-3.0.9","openITCOCKPIT-3.1.5","openITCOCKPIT-3.3.0","openITCOCKPIT-3.4.2","openITCOCKPIT-3.4.3","openITCOCKPIT-3.6.0","openITCOCKPIT-4.0.4","openITCOCKPIT-4.0.5","openITCOCKPIT-4.1.0","openITCOCKPIT-4.1.1","openITCOCKPIT-4.1.3","openITCOCKPIT-4.1.4","openITCOCKPIT-4.2.2","openITCOCKPIT-4.2.3","openITCOCKPIT-4.3.0","openITCOCKPIT-4.3.1","openITCOCKPIT-4.3.2","openITCOCKPIT-4.3.3","openITCOCKPIT-4.4.0","openITCOCKPIT-4.4.1","openITCOCKPIT-4.5.0","openITCOCKPIT-4.5.1","openITCOCKPIT-4.5.2","openITCOCKPIT-4.5.3","openITCOCKPIT-4.5.4","openITCOCKPIT-4.5.5","openITCOCKPIT-4.6.0","openITCOCKPIT-4.6.1","openITCOCKPIT-4.6.2","openITCOCKPIT-4.6.3","openITCOCKPIT-4.6.5"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-3520.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/openitcockpit/openitcockpit","events":[{"introduced":"0"},{"fixed":"6c717f3c352e55257fc3fef2c5dec111f7d2ee6b"}],"database_specific":{"source":"REFERENCES"}}],"versions":["openITCOCKPIT-3.0.10","openITCOCKPIT-3.0.10-10","openITCOCKPIT-3.0.10-5","openITCOCKPIT-3.0.10-6","openITCOCKPIT-3.0.11-4","openITCOCKPIT-3.0.11-6","openITCOCKPIT-3.0.4","openITCOCKPIT-3.0.6-1","openITCOCKPIT-3.0.7","openITCOCKPIT-3.0.8","openITCOCKPIT-3.0.8-2","openITCOCKPIT-3.0.9","openITCOCKPIT-3.1.5","openITCOCKPIT-3.3.0","openITCOCKPIT-3.4.2","openITCOCKPIT-3.4.3","openITCOCKPIT-3.6.0","openITCOCKPIT-4.0.4","openITCOCKPIT-4.0.5","openITCOCKPIT-4.1.0","openITCOCKPIT-4.1.1","openITCOCKPIT-4.1.3","openITCOCKPIT-4.1.4","openITCOCKPIT-4.2.2","openITCOCKPIT-4.2.3","openITCOCKPIT-4.3.0","openITCOCKPIT-4.3.1","openITCOCKPIT-4.3.2","openITCOCKPIT-4.3.3","openITCOCKPIT-4.4.0","openITCOCKPIT-4.4.1","openITCOCKPIT-4.5.0","openITCOCKPIT-4.5.1","openITCOCKPIT-4.5.2","openITCOCKPIT-4.5.3","openITCOCKPIT-4.5.4","openITCOCKPIT-4.5.5","openITCOCKPIT-4.6.0","openITCOCKPIT-4.6.1","openITCOCKPIT-4.6.2","openITCOCKPIT-4.6.3","openITCOCKPIT-4.6.5"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-3520.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}