CVE-2022-47715: GitHub - l00neyhacker/CVE-2022-47715
In Last Yard 22.09.8-1, the cookie can be stolen via unencrypted traffic.
CVE-2022-47715
Cookie missing secure flag
In Last Yard 22.09.8-1, the cookie can be stolen via unencrypted traffic.
Sample HTTP Response:
[Additional Information]
HTTP/2 200 OK
Date: x, x x 2022 04:29:43 GMT
Content-Type: text/html; charset=utf-8
Server: nginx
X-Frame-Options: DENY
Vary: Cookie
Set-Cookie: LastYardVersion=22.09.8-1; expires=Sat, x x 2023 04:29:43 GMT; Max-Age=31536000; Path=/. <----------------
Set-Cookie: csrftoken=TmSZIwAxuul6kpXWDYlZ96FnNs6HTT1nNFsfkMrUMYq3mekiXv1FjqSUI2TugG74; expires=Fri, x x 2023 04:29:43 GMT; Max-Age=31449600; Path=/; SameSite=Lax; Secure
X-Request-Id: x