[#ZBXNEXT-8268] Cookie with Insecure or Improper or Missing SameSite attribute

[ZBXNEXT-8268] Cookie with Insecure or Improper or Missing SameSite attribute Created: 2023 Feb 10 Updated: 2023 Feb 10
Status:	Open
Project:	ZABBIX FEATURE REQUESTS
Component/s:	Frontend (F)
Affects Version/s:	4.0.44, 5.0.31, 6.0.13, 6.2.7, 6.4.0rc1
Fix Version/s:	None

Type:

New Feature Request

Priority:

Minor

Reporter:

Elina Kuzyutkina (Inactive)

Assignee:

Zabbix Development Team

Resolution:

Unresolved

Votes:

Labels:

frontend, security

Remaining Estimate:

Not Specified

Time Spent:

Not Specified

Original Estimate:

Not Specified

Issue Links:

Duplicate

Description

Hi,
on login Zabbix return a sessionid in a cookie with no additional security attributes.

The response contains Sensitive Cookie with Insecure or Improper or Missing SameSite attribute, which may lead toCookie information leakage, which may extend to Cross-Site-Request-Forgery(CSRF) attacks if there are no additionalprotections in place.

Generated at Thu Jun 04 19:50:23 EEST 2026 using Jira 10.3.18#10030018-sha1:5642e4ad348b6c2a83ebdba689d04763a2393cab.

[ZBXNEXT-8268] Cookie with Insecure or Improper or Missing SameSite attribute Created: 2023 Feb 10 Updated: 2023 Feb 10