2105433 – (CVE-2015-3207) CVE-2015-3207 github.com/openshift/origin: Insecure cookies in Openshift Origin in github.com/openshift/origin

Bug 2105433 (CVE-2015-3207) - CVE-2015-3207 github.com/openshift/origin: Insecure cookies in Openshift Origin in github.com/openshift/origin

Summary: CVE-2015-3207 github.com/openshift/origin: Insecure cookies in Openshift Orig...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	CVE-2015-3207
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1221882
Blocks:	2106040
TreeView+	depends on / blocked

Reported:	2022-07-08 18:48 UTC by Sage McTaggart
Modified:	2024-10-30 13:32 UTC (History)
CC List:	30 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2022-07-08 18:49:45 UTC
Embargoed:

Attachments	(Terms of Use)

Description Sage McTaggart 2022-07-08 18:48:29 UTC

In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes.

https://bugzilla.redhat.com/show_bug.cgi?id=1221882
https://github.com/openshift/origin/pull/2261
https://github.com/openshift/origin/pull/2291

Comment 1 Sage McTaggart 2022-07-08 18:49:45 UTC


*** This bug has been marked as a duplicate of bug 1221882 ***

Note You need to log in before you can comment on or make changes to this bug.

akashem
bmontgom
danken
eglynn
eparis
fdeutsch
jburrell
jcantril
jjoyce
joelsmith
jschluet
lhh
lsvaty
mburns
mfojtik
mgarciac
nstielau
oramraz
osoukup
periklis
pgrist
phoracek
rhos-maint
rojacob
smullick
sponnaga
stirabos
sttts
thason
xxia