ГлавнаяУязвимости → CVE-2023-53957
9.8критическая

CVE-2023-53957

Описание

Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session hijacking.

Затрагиваемое ПО
Kimai Kimai
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/kimai/kimai/releases/tag/1.30.10https://www.exploit-db.com/exploits/51278https://www.vulncheck.com/advisories/kimai-samesite-cookie-vulnerability-session-hijacking