CVE-2024-0947

Name of the Vulnerable Software and Affected Versions Elektraweb versions prior to 17.0.68

Description The issue is related to the reliance on cookies without proper validation and integrity checking, allowing for session credential falsification through manipulation. This can involve accessing, intercepting, or modifying HTTP cookies, as well as manipulating opaque client-based data tokens.

Recommendations For versions prior to 17.0.68, update to version 17.0.68 or later to resolve the issue. As a temporary workaround, consider implementing additional validation and integrity checks for cookies to minimize the risk of exploitation. Restrict access to sensitive data and functions that rely on cookie-based authentication to reduce the potential impact of session credential falsification.