REDHAT-BUG-2379360: XSS
A flaw was found in Ansible. Sensitive cookies set without security flags and sent over non-encrypted channels may lead to Man-in-the-Middle (MitM) and Cross-site Scripting (XSS) attacks. Cookie flags such as those in "Set-Cookie: EXAMPLE=AAAABBBBCCCCDDDDAAAABBBCCC; path=/; HttpOnly; Secure; SameSite=[Strict or Lax];" are required to mitigate this issue.
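One way to check a captured response for the flags named above. This is an added example, not code from Ansible or from the advisory. The function names and the sample header lines are constructed for illustration, and the accepted SameSite values follow the advisory's "Strict or Lax".

```python
# Added example: audit Set-Cookie headers for HttpOnly, Secure and SameSite.
ALLOWED_SAMESITE = {"strict", "lax"}  # the values the advisory lists

def parse_set_cookie(header):
    """Return (cookie_name, {lowercased_attribute: value_or_None})."""
    if header.lower().startswith("set-cookie:"):
        header = header.split(":", 1)[1]
    parts = [p.strip() for p in header.split(";") if p.strip()]
    if not parts or "=" not in parts[0]:
        raise ValueError("not a Set-Cookie header: %r" % header)
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip() if sep else None
    return name, attrs

def audit_set_cookie(header):
    """Return (cookie_name, findings); an empty list means all flags are set."""
    name, attrs = parse_set_cookie(header)
    findings = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    if "secure" not in attrs:
        findings.append("missing Secure")
    if "samesite" not in attrs:
        findings.append("missing SameSite")
    elif (attrs["samesite"] or "").lower() not in ALLOWED_SAMESITE:
        findings.append("SameSite=%s is not Strict or Lax" % attrs["samesite"])
    return name, findings

def audit_response(header_lines):
    """Map each weakly flagged cookie in a list of raw header lines to its findings."""
    report = {}
    for line in header_lines:
        if line.lower().startswith("set-cookie:"):
            name, findings = audit_set_cookie(line)
            if findings:
                report[name] = findings
    return report

# Constructed sample response headers (not taken from a real Ansible deployment).
SAMPLE_HEADERS = [
    "Content-Type: text/html",
    "Set-Cookie: sessionid=AAAABBBB; path=/",
    "Set-Cookie: csrftoken=CCCC; Path=/; Secure; SameSite=None",
    "Set-Cookie: EXAMPLE=AAAABBBBCCCCDDDDAAAABBBCCC; path=/; HttpOnly; Secure; SameSite=Lax;",
]

if __name__ == "__main__":
    for cookie, problems in audit_response(SAMPLE_HEADERS).items():
        print(cookie, "->", ", ".join(problems))
```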
Frequently Asked Questions
What is the severity of REDHAT-BUG-2379360?
The severity of REDHAT-BUG-2379360 is high due to the potential for Man-in-the-Middle (MitM) and Cross-site Scripting (XSS) attacks.
How do I fix REDHAT-BUG-2379360?
To fix REDHAT-BUG-2379360, ensure that sensitive cookies are set with appropriate flags such as HttpOnly, Secure, and SameSite.
Which software is affected by REDHAT-BUG-2379360?
REDHAT-BUG-2379360 affects Ansible software, particularly versions that do not implement secure cookie practices.
What is a Man-in-the-Middle (MitM) attack in the context of REDHAT-BUG-2379360?
In the context of REDHAT-BUG-2379360, a Man-in-the-Middle (MitM) attack occurs when an attacker intercepts communication to exploit unprotected sensitive cookies.
Why are cookie security flags important in REDHAT-BUG-2379360?
Cookie security flags are important in REDHAT-BUG-2379360 as they protect against unauthorized access and help prevent XSS and MitM vulnerabilities.