Project

General

Profile

Actions
Copy link

Bug #11352

closed

Foreman 1.7.5 CVE-2015-3155 - The _session_id cookie is issued without the Secure flag

Added by Brian Lee over 9 years ago. Updated over 7 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
Security
Target version:
-
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
1.7.5
Red Hat JIRA:

Description

The 1.7.5 branch has the same security issue as this: http://projects.theforeman.org/issues/10275

Related issues 1 (0 open1 closed)

Related to Foreman - Bug #10275: CVE-2015-3155 - The _session_id cookie is issued without the Secure flagClosedShlomi Zadok04/27/2015Actions
Actions
Copy link
 #1

Updated by Dominic Cleal over 9 years ago

  • Related to Bug #10275: CVE-2015-3155 - The _session_id cookie is issued without the Secure flag added
Actions
Copy link
 #2

Updated by Dominic Cleal over 9 years ago

Currently I have no plan to release a new 1.7 minor release due to the availability of 1.8.1 or 1.9, which contain fixes, and the lower severity of the issue.

The top of http://theforeman.org/security.html has a summary of when you can expect fixes to be released.

Actions
Copy link
 #3

Updated by Anonymous over 7 years ago

  • Status changed from New to Rejected
Actions
Copy link

Also available in: Atom PDF