What is CVE-2021-3882?

CVE-2021-3882 is a medium-severity vulnerability in Ledgersmb Ledgersmb/ledgersmb, classified under Sensitive Cookie in HTTPS Session Without 'Secure' Attribute. CVSS score: 5.9/10. Published 2021-10-14.

How severe is CVE-2021-3882?

Medium severity. CVSS v3 base score is 5.9 out of 10.

Vulnerability in Ledgersmb Ledgersmb/ledgersmb

CVE-2021-3882

LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection (HTTP), an attacker may be…

EPSS: 0.001 (29.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N.

Affected products

Ledgersmb Ledgersmb/ledgersmb — versions 1.8.0, unspecified

Weakness classification (CWE)

CWE-614 — Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

References

huntr.dev/bounties/7061d97a-98a5-495a-8ba0-3a4c66091e9d (x_refsource_CONFIRM)
github.com/ledgersmb/ledgersmb/commit/c242f5a2abf4b99b0da205473cbba034f306bfe2 (x_refsource_MISC)
ledgersmb.org/cve-2021-3882-sensitive-non-secure-cookie (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-3882?: CVE-2021-3882 is a medium-severity vulnerability in Ledgersmb Ledgersmb/ledgersmb, classified under Sensitive Cookie in HTTPS Session Without 'Secure' Attribute. CVSS score: 5.9/10. Published 2021-10-14.
How severe is CVE-2021-3882?: Medium severity. CVSS v3 base score is 5.9 out of 10.