CVSS Score: -

The vulnerability stems from cookies being set without the Secure and HttpOnly attributes. The analysis focused on the console authentication and session management functions where cookies are created and set. The most likely candidates are the HTTP handler functions in the console server and the authentication components that write Set-Cookie headers directly. Exact patch diffs are not available, but the CWE-614 description and OpenShift's architecture suggest that the patched version modifies these functions to add the missing security attributes.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/openshift/origin | go | < 1.0.0 | 1.0.0 |
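
A check for the condition described above, as an added example that is not code from openshift/origin or from this advisory: it runs a handler against a constructed request and reports every response cookie that lacks Secure or HttpOnly. The handler names, the `session` cookie and the `/login` path are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// weakHandler is a hypothetical login handler that sets the session cookie
// with neither Secure nor HttpOnly (the condition the advisory describes).
func weakHandler(w http.ResponseWriter, r *http.Request) {
	http.SetCookie(w, &http.Cookie{Name: "session", Value: "constructed-value", Path: "/"})
}

// hardenedHandler sets the same cookie with both attributes.
func hardenedHandler(w http.ResponseWriter, r *http.Request) {
	http.SetCookie(w, &http.Cookie{
		Name: "session", Value: "constructed-value", Path: "/",
		Secure:   true, // browser sends it over HTTPS only
		HttpOnly: true, // not readable from page scripts
	})
}

// auditCookies invokes h with a constructed GET request and returns one
// finding per missing attribute for each cookie in the response.
func auditCookies(h http.HandlerFunc, path string) []string {
	rec := httptest.NewRecorder()
	h(rec, httptest.NewRequest(http.MethodGet, path, nil))
	var findings []string
	for _, c := range rec.Result().Cookies() {
		if !c.Secure {
			findings = append(findings, c.Name+": missing Secure")
		}
		if !c.HttpOnly {
			findings = append(findings, c.Name+": missing HttpOnly")
		}
	}
	return findings
}

func main() {
	fmt.Println("weak:", auditCookies(weakHandler, "/login"))
	fmt.Println("hardened:", auditCookies(hardenedHandler, "/login"))
}
```

The same `auditCookies` call can sit in a unit test for each cookie-setting handler so a regression fails the build.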