{"containers": {"cna": {"affected": [{"product": "Openshift Origin", "vendor": "n/a", "versions": [{"status": "affected", "version": "Openshift Origin 3"}]}], "descriptions": [{"lang": "en", "value": "In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-614", "description": "CWE-614", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-07T12:25:43", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221882"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/openshift/origin/pull/2261"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/openshift/origin/pull/2291"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2015-3207", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Openshift Origin", "version": {"version_data": [{"version_value": "Openshift Origin 3"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-614"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1221882", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221882"}, {"name": "https://github.com/openshift/origin/pull/2261", "refsource": "MISC", "url": "https://github.com/openshift/origin/pull/2261"}, {"name": "https://github.com/openshift/origin/pull/2291", "refsource": "MISC", "url": "https://github.com/openshift/origin/pull/2291"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:39:31.989Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221882"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/openshift/origin/pull/2261"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/openshift/origin/pull/2291"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-3207", "datePublished": "2022-07-07T12:25:43", "dateReserved": "2015-04-10T00:00:00", "dateUpdated": "2024-08-06T05:39:31.989Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openshift:origin:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3F0EFD7A-DAAA-4EF9-A0B5-3F7F5DB71855", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes."}, {"lang": "es", "value": "En Openshift Origin 3 las cookies que son establecidas en la consola no presentan atributos \"secure\", \"HttpOnly\""}], "id": "CVE-2015-3207", "lastModified": "2024-11-21T02:28:54.427", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "[email protected]", "type": "Primary"}]}, "published": "2022-07-07T13:15:08.087", "references": [{"source": "[email protected]", "tags": ["Permissions Required"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221882"}, {"source": "[email protected]", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/openshift/origin/pull/2261"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://github.com/openshift/origin/pull/2291"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221882"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/openshift/origin/pull/2261"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/openshift/origin/pull/2291"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-614"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-311"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "github.com/openshift/origin: Insecure cookies in Openshift Origin in github.com/openshift/origin", "id": "2105433", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105433"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "(CWE-311|CWE-614)", "details": ["In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes.", "A flaw was found in OpenShift Origin. This vulnerability may allow unauthorized access and manipulation of the console via interception and manipulation of cookies."], "name": "CVE-2015-3207", "package_state": [{"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/elasticsearch6-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/logging-curator5-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-tests", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/cluster-network-addons-operator", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/cluster-network-addons-operator-rhel9", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "osp-director-provisioner-container", "product_name": "Red Hat OpenStack Platform 16.2"}], "public_date": "2020-07-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-3207\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3207\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1221882\nhttps://github.com/advisories/GHSA-rqph-25q9-9jhp\nhttps://github.com/openshift/origin/pull/2261\nhttps://github.com/openshift/origin/pull/2291"], "threat_severity": "Moderate"}