CVE-2022-3250

Name of the Vulnerable Software and Affected Versions rdiffweb versions prior to 2.4.6

Description The issue concerns a sensitive cookie in an HTTPS session that lacks the 'Secure' attribute. This problem is present when the URL is invalid. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents where this issue was exploited. The session id cookie is vulnerable due to the missing 'Secure' attribute.

Recommendations For versions prior to 2.4.6, update to version 2.4.6 to resolve the issue. As a temporary workaround, consider restricting access to sensitive cookies until the update is applied.