{"containers": {"cna": {"affected": [{"product": "Openshift Origin", "vendor": "n/a", "versions": [{"status": "affected", "version": "Openshift Origin 3"}]}], "descriptions": [{"lang": "en", "value": "In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-614", "description": "CWE-614", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-07T12:25:43.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221882"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/openshift/origin/pull/2261"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/openshift/origin/pull/2291"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-3207", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Openshift Origin", "version": {"version_data": [{"version_value": "Openshift Origin 3"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-614"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1221882", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221882"}, {"name": "https://github.com/openshift/origin/pull/2261", "refsource": "MISC", "url": "https://github.com/openshift/origin/pull/2261"}, {"name": "https://github.com/openshift/origin/pull/2291", "refsource": "MISC", "url": "https://github.com/openshift/origin/pull/2291"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:39:31.989Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221882"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/openshift/origin/pull/2261"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/openshift/origin/pull/2291"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-3207", "datePublished": "2022-07-07T12:25:43.000Z", "dateReserved": "2015-04-10T00:00:00.000Z", "dateUpdated": "2024-08-06T05:39:31.989Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openshift:origin:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3F0EFD7A-DAAA-4EF9-A0B5-3F7F5DB71855", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes."}, {"lang": "es", "value": "En Openshift Origin 3 las cookies que son establecidas en la consola no presentan atributos \"secure\", \"HttpOnly\""}], "id": "CVE-2015-3207", "lastModified": "2024-11-21T02:28:54.427", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-07T13:15:08.087", "references": [{"source": "secalert@redhat.com", "tags": ["Permissions Required"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221882"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/openshift/origin/pull/2261"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://github.com/openshift/origin/pull/2291"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221882"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/openshift/origin/pull/2261"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/openshift/origin/pull/2291"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-614"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-311"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "github.com/openshift/origin: Insecure cookies in Openshift Origin in github.com/openshift/origin", "id": "2105433", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105433"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "(CWE-311|CWE-614)", "details": ["In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes.", "A flaw was found in OpenShift Origin. This vulnerability may allow unauthorized access and manipulation of the console via interception and manipulation of cookies."], "name": "CVE-2015-3207", "package_state": [{"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/elasticsearch6-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/logging-curator5-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-tests", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/cluster-network-addons-operator", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/cluster-network-addons-operator-rhel9", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "osp-director-provisioner-container", "product_name": "Red Hat OpenStack Platform 16.2"}], "public_date": "2020-07-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-3207\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3207\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1221882\nhttps://github.com/advisories/GHSA-rqph-25q9-9jhp\nhttps://github.com/openshift/origin/pull/2261\nhttps://github.com/openshift/origin/pull/2291"], "threat_severity": "Moderate"}

{}