// For flags

CVE-2024-2756

__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications.

Debido a una solución incompleta de CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p, los atacantes de la red y del mismo sitio pueden establecer una cookie estándar insegura en el navegador de la víctima que se trata como una __Host- o __Secure- cookie por aplicaciones PHP.

*Credits: Marco Squarcina
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
Poc
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-03-21 CVE Reserved
  • 2024-04-16 CVE Published
  • 2024-05-08 EPSS Updated
  • 2024-08-01 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
PHP Group
Search vendor "PHP Group"
PHP
Search vendor "PHP Group" for product "PHP"
>= 8.1.0 < 8.1.28
Search vendor "PHP Group" for product "PHP" and version " >= 8.1.0 < 8.1.28"
en
Affected
PHP Group
Search vendor "PHP Group"
PHP
Search vendor "PHP Group" for product "PHP"
>= 8.2.0 < 8.2.18
Search vendor "PHP Group" for product "PHP" and version " >= 8.2.0 < 8.2.18"
en
Affected
PHP Group
Search vendor "PHP Group"
PHP
Search vendor "PHP Group" for product "PHP"
>= 8.3.0 < 8.3.5
Search vendor "PHP Group" for product "PHP" and version " >= 8.3.0 < 8.3.5"
en
Affected