PT-2023-8750 · Quarkus · Quarkus

Sandipan Roy · Published 2023-01-04 · Updated 2023-03-03 · CVE-2023-0044

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Quarkus (affected versions not specified)

Description: When the Quarkus Form Authentication session cookie is issued with its Path attribute set to /, the browser attaches it to every request sent to that host regardless of path, so the cookie is exposed to any application or endpoint served on the host and not only to the one that issued it. This widens the surface for a cross-site attack and may result in information disclosure. Enabling the Quarkus CSRF Prevention feature blocks the forged requests such an attack relies on. The database also records this entry as a lack of protection for the web page structure that could allow a remote attacker to conduct a cross-site scripting (XSS) attack; the weakness actually described is an over-broad session cookie scope that enables a cross-site request attack, not injection of script into a page.

Recommendations: As a temporary workaround, enable the Quarkus CSRF Prevention feature so that state-changing requests forged from another origin are rejected. Scope the session cookie to the application's own context path rather than / (in Quarkus the Path attribute of this cookie is configurable; the quarkus.http.auth.form.cookie-path property is the assumed setting) and keep the HttpOnly and Secure attributes on it so that scripts cannot read it and it is never sent over plain HTTP. Verify the result by inspecting the Set-Cookie header returned by the login endpoint. Keep these measures in place until a release whose default configuration is more restrictive is deployed.
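As an added example that is not part of the advisory and not code from the Quarkus project, the following Python script performs the check recommended above: it parses the Set-Cookie value a form-authenticated application returns on login, flags the Path=/ scope the advisory describes together with a missing SameSite, HttpOnly or Secure attribute, and applies the RFC 6265 path-match rule to show which request paths on the host a cookie with a given Path is attached to. The two Set-Cookie values are constructed, the cookie name quarkus-credential is assumed to be the Quarkus default, and the property name quarkus.http.auth.form.cookie-path mentioned in the comments is an assumption, not something stated on this page.

```python
from http.cookies import SimpleCookie

# Assumed Quarkus default name of the form-auth session cookie (not stated on this page).
SESSION_COOKIE_NAME = "quarkus-credential"

# Constructed sample Set-Cookie values (not captured from a real deployment):
# the first has the risky shape the advisory describes, the second is hardened,
# e.g. with quarkus.http.auth.form.cookie-path=/myapp (assumed property name).
VULNERABLE_SET_COOKIE = "quarkus-credential=c2Vzc2lvbi10b2tlbg; Path=/; HttpOnly"
HARDENED_SET_COOKIE = ("quarkus-credential=c2Vzc2lvbi10b2tlbg; Path=/myapp; "
                       "HttpOnly; Secure; SameSite=Strict")


def path_matches(cookie_path, request_path):
    """RFC 6265 section 5.1.4 path-match: True if a request for request_path
    carries a cookie whose Path attribute is cookie_path."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    # cookie_path is a proper prefix: it must end in '/' or the request path
    # must continue with '/', so Path=/myapp is not sent to /myapp2.
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def paths_receiving_cookie(cookie_path, request_paths):
    """Subset of request_paths to which the browser attaches the cookie."""
    return [p for p in request_paths if path_matches(cookie_path, p)]


def audit_set_cookie(header, app_path, name=SESSION_COOKIE_NAME):
    """Return a list of findings for the session cookie in one Set-Cookie value.
    app_path is the context path the application is actually served under."""
    jar = SimpleCookie()
    jar.load(header)
    if name not in jar:
        return ["no cookie named %r in header" % name]
    m = jar[name]
    findings = []
    path = m["path"]
    if path in ("", "/"):
        findings.append("path: cookie is scoped to the whole host (Path=/ or no Path); "
                        "restrict it to %s" % app_path)
    elif path != app_path and path_matches(path, app_path):
        findings.append("path: Path=%s is broader than the application path %s"
                        % (path, app_path))
    if m["samesite"].lower() not in ("strict", "lax"):
        findings.append("samesite: no SameSite=Strict/Lax, so cross-site requests carry the cookie")
    if not m["httponly"]:
        findings.append("httponly: cookie is readable by script")
    if not m["secure"]:
        findings.append("secure: cookie is also sent over plain HTTP")
    return findings


if __name__ == "__main__":
    # A Path=/ cookie reaches every application on the host; /myapp only its own.
    sample_paths = ["/myapp/api/account", "/admin/users", "/other/report"]
    print("Path=/      ->", paths_receiving_cookie("/", sample_paths))
    print("Path=/myapp ->", paths_receiving_cookie("/myapp", sample_paths))
    for label, hdr in (("vulnerable", VULNERABLE_SET_COOKIE), ("hardened", HARDENED_SET_COOKIE)):
        print(label, audit_set_cookie(hdr, "/myapp") or ["no findings"])
```

To use it against a live service, log in once (for example with curl -i against the form login endpoint) and pass the Set-Cookie value from the response to audit_set_cookie together with the context path the application is served under; an empty result means the cookie is path-scoped and carries the SameSite, HttpOnly and Secure attributes. The audit does not replace the CSRF Prevention feature, which protects state-changing requests independently of how the cookie is scoped.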

Classification

XSS (tag assigned in the database; the weakness described in this entry is a cross-site request attack enabled by an over-broad session cookie path, not script injection)

Weakness Enumeration

Related Identifiers

BDU:2024-01801
CVE-2023-0044
GHSA-c57v-hc7m-8px2

Affected Products

Quarkus