ZABBIX FEATURE REQUESTS / ZBXNEXT-8268

Cookie with Insecure or Improper or Missing SameSite attribute


    • New Feature Request
    • Resolution: Unresolved
    • Minor
    • None
    • 4.0.44, 5.0.31, 6.0.13, 6.2.7, 6.4.0rc1
    • Frontend (F)

      Hi,
      on login Zabbix returns a sessionid in a cookie with no additional security attributes.

      The response contains a Sensitive Cookie with Insecure or Improper or Missing SameSite attribute, which may lead to cookie information leakage, which may extend to Cross-Site Request Forgery (CSRF) attacks if there are no additional protections in place.
      

            zabbix.dev Zabbix Development Team
            elina.kuzyutkina Elina Kuzyutkina (Inactive)