Skip to content
Sign up
Product
Features
Mobile
Actions
Codespaces
Copilot
Packages
Security
Code review
Issues
Integrations
GitHub Sponsors
Customer stories
Team
Enterprise
Explore
Explore GitHub
Learn and contribute
Topics
Collections
Trending
Skills
GitHub Sponsors
Open source guides
Connect with others
The ReadME Project
Events
Community forum
GitHub Education
GitHub Stars program
Marketplace
Pricing
Plans
Compare plans
Contact Sales
Education
In this repository
All GitHub
↵
Jump to
↵
No suggested jump to results
In this repository
All GitHub
↵
Jump to
↵
In this organization
All GitHub
↵
Jump to
↵
In this repository
All GitHub
↵
Jump to
↵
Sign in
Sign up
{{ message }}
apache
/
guacamole-website
Public
Notifications
Fork
87
Star
210
Code
Pull requests
1
Actions
Projects
0
Security
Insights
More
Code
Pull requests
Actions
Projects
Security
Insights
Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Document vulnerability
CVE-2018-1340
, fixed in 1.0.0.
Loading branch information
mike-jumper
committed
Jan 23, 2019
1 parent
deaf070
commit
114e5e1f8536d1fd30dc21850ccb79edcf753c87
Showing
1 changed file
with
13 additions
and
0 deletions
.
Split
Unified
There are no files selected for viewing
13
_security/CVE-2018-1340.md
Show comments
View file
Edit file
Delete file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Show hidden characters
@@ -0,0 +1,13 @@
---
title
:
Secure flag missing from session cookie
cve
:
CVE-2018-1340
fixed
:
1.0.0
---
Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the
user's session token. This cookie lacked the "secure" flag, which could allow
an attacker eavesdropping on the network to intercept the user's session token
if unencrypted HTTP requests are made to the same domain.
Acknowledgements: We would like to thank Ross Golder for reporting this issue.
Toggle all file notes
Toggle all file annotations
0 comments on commit
114e5e1
Please
sign in
to comment.
You can’t perform that action at this time.
You signed in with another tab or window.
Reload
to refresh your session.
You signed out in another tab or window.
Reload
to refresh your session.
