Cookie with Insecure or Improper or Missing SameSite attribute

XMLWordPrintable

    • Type: New Feature Request
    • Resolution: Unresolved
    • Priority: Minor
    • None
    • Affects Version/s: 4.0.44, 5.0.31, 6.0.13, 6.2.7, 6.4.0rc1
    • Component/s: Frontend (F)

      Hi,
      on login Zabbix return a sessionid in a cookie with no additional security attributes.

      The response contains Sensitive Cookie with Insecure or Improper or Missing SameSite attribute, which may lead toCookie information leakage, which may extend to Cross-Site-Request-Forgery(CSRF) attacks if there are no additionalprotections in place.

            Assignee:
            Zabbix Development Team
            Reporter:
            Elina Kuzyutkina (Inactive)
            Votes:
            1 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: