Bug 2105433 (CVE-2015-3207)

Summary: CVE-2015-3207 github.com/openshift/origin: Insecure cookies in Openshift Origin in github.com/openshift/origin
Product: [Other] Security Response
Reporter: Sage McTaggart <amctagga>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: akashem, bmontgom, danken, eglynn, eparis, fdeutsch, jburrell, jcantril, jjoyce, joelsmith, jschluet, lhh, lsvaty, mburns, mfojtik, mgarciac, nstielau, oramraz, osoukup, periklis, pgrist, phoracek, rhos-maint, rojacob, smullick, sponnaga, stirabos, sttts, thason, xxia
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in OpenShift Origin. This vulnerability may allow unauthorized access and manipulation of the console via interception and manipulation of cookies.
Last Closed: 2022-07-08 18:49:45 UTC
Type: ---
Bug Depends On: 1221882    
Bug Blocks: 2106040    

Description Sage McTaggart 2022-07-08 18:48:29 UTC
In OpenShift Origin 3, the cookies being set in the console have no 'secure' or 'HttpOnly' attributes.

https://bugzilla.redhat.com/show_bug.cgi?id=1221882
https://github.com/openshift/origin/pull/2261
https://github.com/openshift/origin/pull/2291

Comment 1 Sage McTaggart 2022-07-08 18:49:45 UTC

*** This bug has been marked as a duplicate of bug 1221882 ***