Daloradius
CVE-2022-4630
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master.
AnalysisAI
Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-1004. Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master. Affected products include: Daloradius.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Daloradius
View allCode Injection in GitHub repository lirantal/daloradius prior to master-branch. Rated high severity (CVSS 8.8), this vul
daloRADIUS is an open source RADIUS web management application. Rated high severity (CVSS 8.8), this vulnerability is re
Missing Authorization in GitHub repository lirantal/daloradius prior to master branch. Rated high severity (CVSS 7.5), t
Improper Restriction of Names for Files and Other Resources in GitHub repository lirantal/daloradius prior to master-bra
Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch. Rated medium sev
Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch. Rated medium sev
Same weakness CWE-1004 – Sensitive Cookie Without 'HttpOnly' Flag
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today