CWE-565
AllowedReliance on Cookies without Validation and Integrity Checking
Abstraction: Base · Status: Incomplete
The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.
95 vulnerabilities reference this CWE, most recent first.
GHSA-58QR-V987-VH6W
Vulnerability from github – Published: 2026-03-26 03:30 – Updated: 2026-03-26 15:30Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution.
Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when there is no secret used to sign the cookie.
{
"affected": [],
"aliases": [
"CVE-2014-125112"
],
"database_specific": {
"cwe_ids": [
"CWE-565"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-26T03:16:00Z",
"severity": "CRITICAL"
},
"details": "Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution.\n\nPlack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when there is no secret used to sign the cookie.",
"id": "GHSA-58qr-v987-vh6w",
"modified": "2026-03-26T15:30:36Z",
"published": "2026-03-26T03:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-125112"
},
{
"type": "WEB",
"url": "https://gist.github.com/miyagawa/2b8764af908a0dacd43d"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/MIYAGAWA/Plack-Middleware-Session-0.23-TRIAL/changes"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/03/26/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5J3G-JM9F-QJGV
Vulnerability from github – Published: 2026-01-14 00:31 – Updated: 2026-01-14 00:31WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that allows attackers to manipulate user session cookies. Attackers can modify the cookie's 'name' and 'roles' parameters to elevate from ordinary user to administrative privileges without authentication.
{
"affected": [],
"aliases": [
"CVE-2022-50926"
],
"database_specific": {
"cwe_ids": [
"CWE-565"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-13T23:15:56Z",
"severity": "HIGH"
},
"details": "WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that allows attackers to manipulate user session cookies. Attackers can modify the cookie\u0027s \u0027name\u0027 and \u0027roles\u0027 parameters to elevate from ordinary user to administrative privileges without authentication.",
"id": "GHSA-5j3g-jm9f-qjgv",
"modified": "2026-01-14T00:31:28Z",
"published": "2026-01-14T00:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50926"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/50793"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/wago-pfc-g-eth-rs-privilege-escalation"
},
{
"type": "WEB",
"url": "https://www.wago.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-5QXH-R3CQ-86G7
Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2025-04-20 03:34Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session cookie value.
{
"affected": [],
"aliases": [
"CVE-2017-6896"
],
"database_specific": {
"cwe_ids": [
"CWE-565"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-14T20:59:00Z",
"severity": "HIGH"
},
"details": "Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session cookie value.",
"id": "GHSA-5qxh-r3cq-86g7",
"modified": "2025-04-20T03:34:03Z",
"published": "2022-05-13T01:46:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6896"
},
{
"type": "WEB",
"url": "https://drive.google.com/file/d/0B6715xUqH18MX29uRlpaSVJ4OTA/view?usp=sharing"
},
{
"type": "WEB",
"url": "https://packetstormsecurity.com/files/141693/digisol-escalate.txt"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/41633"
},
{
"type": "WEB",
"url": "https://www.indrajithan.com/DIGISOL_router_previlage_escaltion"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2017/Mar/52"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5W5V-4M3M-W7HQ
Vulnerability from github – Published: 2025-10-31 00:30 – Updated: 2025-10-31 00:30In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the "Open Link in Split View" context menu item did not respect the SameSite cookie attribute. Therefore SameSite=Strict cookies would be sent on a cross-site navigation using this method.
{
"affected": [],
"aliases": [
"CVE-2025-48980"
],
"database_specific": {
"cwe_ids": [
"CWE-565"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-31T00:15:36Z",
"severity": "MODERATE"
},
"details": "In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the \"Open Link in Split View\" context menu item did not respect the SameSite cookie attribute. Therefore SameSite=Strict cookies would be sent on a cross-site navigation using this method.",
"id": "GHSA-5w5v-4m3m-w7hq",
"modified": "2025-10-31T00:30:35Z",
"published": "2025-10-31T00:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48980"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/3253725"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-64VP-Q339-G7H5
Vulnerability from github – Published: 2022-06-10 00:00 – Updated: 2022-06-16 00:00A vulnerability, which was classified as critical, was found in MONyog Ultimate 6.63. This affects an unknown part of the component Cookie Handler. The manipulation of the argument HasServerEdit/IsAdmin leads to privilege escalation. It is possible to initiate the attack remotely.
{
"affected": [],
"aliases": [
"CVE-2016-15002"
],
"database_specific": {
"cwe_ids": [
"CWE-565"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-09T17:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability, which was classified as critical, was found in MONyog Ultimate 6.63. This affects an unknown part of the component Cookie Handler. The manipulation of the argument HasServerEdit/IsAdmin leads to privilege escalation. It is possible to initiate the attack remotely.",
"id": "GHSA-64vp-q339-g7h5",
"modified": "2022-06-16T00:00:23Z",
"published": "2022-06-10T00:00:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-15002"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.98355"
},
{
"type": "WEB",
"url": "https://youtu.be/KKlwi-u6wyA"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6Q68-2QQ3-8C3H
Vulnerability from github – Published: 2023-06-13 12:30 – Updated: 2026-05-22 09:31Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypass.This issue affects Lockcell: before 15.
{
"affected": [],
"aliases": [
"CVE-2023-3050"
],
"database_specific": {
"cwe_ids": [
"CWE-565",
"CWE-784"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-13T12:15:09Z",
"severity": "CRITICAL"
},
"details": "Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypass.This issue affects Lockcell: before 15.",
"id": "GHSA-6q68-2qq3-8c3h",
"modified": "2026-05-22T09:31:27Z",
"published": "2023-06-13T12:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3050"
},
{
"type": "WEB",
"url": "https://fordefence.com/cve-2023-3050-reliance-on-cookies-without-validation-and-integrity-checking-in-a-security-decision-vulnerability-in-tmt-lockcell-allows-privilege-abuse-authentication-bypass"
},
{
"type": "WEB",
"url": "https://www.usom.gov.tr/bildirim/tr-23-0345"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7G9C-PFQM-8RRR
Vulnerability from github – Published: 2024-10-15 06:30 – Updated: 2024-10-15 06:30The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie.
{
"affected": [],
"aliases": [
"CVE-2024-9970"
],
"database_specific": {
"cwe_ids": [
"CWE-565"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-15T04:15:04Z",
"severity": "HIGH"
},
"details": "The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie.",
"id": "GHSA-7g9c-pfqm-8rrr",
"modified": "2024-10-15T06:30:31Z",
"published": "2024-10-15T06:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9970"
},
{
"type": "WEB",
"url": "https://www.twcert.org.tw/en/cp-139-8137-ea537-2.html"
},
{
"type": "WEB",
"url": "https://www.twcert.org.tw/tw/cp-132-8136-4d5b4-1.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7PHH-J5X4-5979
Vulnerability from github – Published: 2024-04-19 00:30 – Updated: 2024-04-19 00:30The application suffers from a privilege escalation vulnerability. An attacker logged in as guest can escalate his privileges by poisoning the cookie to become administrator.
{
"affected": [],
"aliases": [
"CVE-2024-22186"
],
"database_specific": {
"cwe_ids": [
"CWE-565"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-18T23:15:07Z",
"severity": "HIGH"
},
"details": "\nThe application suffers from a privilege escalation vulnerability. An \nattacker logged in as guest can escalate his privileges by poisoning the\n cookie to become administrator.\n\n",
"id": "GHSA-7phh-j5x4-5979",
"modified": "2024-04-19T00:30:54Z",
"published": "2024-04-19T00:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22186"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7R3H-4PH8-W38G
Vulnerability from github – Published: 2024-03-28 17:08 – Updated: 2024-03-28 17:08Impact
Affected configurations:
- Single-origin JupyterHub deployments
- JupyterHub deployments with user-controlled applications running on subdomains or peer subdomains of either the Hub or a single-user server.
By tricking a user into visiting a malicious subdomain, the attacker can achieve an XSS directly affecting the former's session. More precisely, in the context of JupyterHub, this XSS could achieve the following:
- Full access to JupyterHub API and user's single-user server, e.g.
- Create and exfiltrate an API Token
- Exfiltrate all files hosted on the user's single-user server: notebooks, images, etc.
- Install malicious extensions. They can be used as a backdoor to silently regain access to victim's session anytime.
Patches
To prevent cookie-tossing:
- Upgrade to JupyterHub 4.1 (both hub and user environment)
- enable per-user domains via
c.JupyterHub.subdomain_host = "https://mydomain.example.org" - set
c.JupyterHub.cookie_host_prefix_enabled = Trueto enable domain-locked cookies
or, if available (applies to earlier JupyterHub versions):
- deploy jupyterhub on its own domain, not shared with any other services
- enable per-user domains via
c.JupyterHub.subdomain_host = "https://mydomain.example.org"
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "jupyterhub"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-28233"
],
"database_specific": {
"cwe_ids": [
"CWE-352",
"CWE-565",
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2024-03-28T17:08:10Z",
"nvd_published_at": "2024-03-27T19:15:48Z",
"severity": "HIGH"
},
"details": "### Impact\n\nAffected configurations:\n\n- Single-origin JupyterHub deployments\n- JupyterHub deployments with user-controlled applications running on subdomains or peer subdomains of either the Hub or a single-user server.\n\nBy tricking a user into visiting a malicious subdomain, the attacker can achieve an XSS directly affecting the former\u0027s session. More precisely, in the context of JupyterHub, this XSS could achieve the following:\n\n- Full access to JupyterHub API and user\u0027s single-user server, e.g.\n - Create and exfiltrate an API Token\n - Exfiltrate all files hosted on the user\u0027s single-user server: notebooks, images, etc.\n - Install malicious extensions. They can be used as a backdoor to silently regain access to victim\u0027s session anytime.\n\n### Patches\n\nTo prevent cookie-tossing:\n\n- Upgrade to JupyterHub 4.1 (both hub and user environment)\n- enable per-user domains via `c.JupyterHub.subdomain_host = \"https://mydomain.example.org\"`\n- set `c.JupyterHub.cookie_host_prefix_enabled = True` to enable domain-locked cookies\n\nor, if available (applies to earlier JupyterHub versions):\n\n- deploy jupyterhub on its own domain, not shared with any other services\n- enable per-user domains via `c.JupyterHub.subdomain_host = \"https://mydomain.example.org\"`",
"id": "GHSA-7r3h-4ph8-w38g",
"modified": "2024-03-28T17:08:10Z",
"published": "2024-03-28T17:08:10Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-7r3h-4ph8-w38g"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28233"
},
{
"type": "WEB",
"url": "https://github.com/jupyterhub/jupyterhub/commit/e2798a088f5ad45340fe79cdf1386198e664f77f"
},
{
"type": "PACKAGE",
"url": "https://github.com/jupyterhub/jupyterhub"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing"
}
GHSA-7VMR-CGFV-Q59W
Vulnerability from github – Published: 2022-05-13 01:26 – Updated: 2022-05-13 01:26Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2011-3887"
],
"database_specific": {
"cwe_ids": [
"CWE-565"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-10-25T19:55:00Z",
"severity": "MODERATE"
},
"details": "Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors.",
"id": "GHSA-7vmr-cgfv-q59w",
"modified": "2022-05-13T01:26:54Z",
"published": "2022-05-13T01:26:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3887"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70965"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13179"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=98407"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48288"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48377"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1026774"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Avoid using cookie data for a security-related decision.
Mitigation
Perform thorough input validation (i.e.: server side validation) on the cookie data if you're going to use it for a security related decision.
Mitigation
Add integrity checks to detect tampering.
Mitigation
Protect critical cookies from replay attacks, since cross-site scripting or other attacks may allow attackers to steal a strongly-encrypted cookie that also passes integrity checks. This mitigation applies to cookies that should only be valid during a single transaction or session. By enforcing timeouts, you may limit the scope of an attack. As part of your integrity check, use an unpredictable, server-side value that is not exposed to the client.
CAPEC-226: Session Credential Falsification through Manipulation
An attacker manipulates an existing credential in order to gain access to a target application. Session credentials allow users to identify themselves to a service after an initial authentication without needing to resend the authentication information (usually a username and password) with every message. An attacker may be able to manipulate a credential sniffed from an existing connection in order to gain access to a target server.
CAPEC-31: Accessing/Intercepting/Modifying HTTP Cookies
This attack relies on the use of HTTP Cookies to store credentials, state information and other critical data on client systems. There are several different forms of this attack. The first form of this attack involves accessing HTTP Cookies to mine for potentially sensitive data contained therein. The second form involves intercepting this data as it is transmitted from client to server. This intercepted information is then used by the adversary to impersonate the remote user/session. The third form is when the cookie's content is modified by the adversary before it is sent back to the server. Here the adversary seeks to convince the target server to operate on this falsified information.
CAPEC-39: Manipulating Opaque Client-based Data Tokens
In circumstances where an application holds important data client-side in tokens (cookies, URLs, data files, and so forth) that data can be manipulated. If client or server-side application components reinterpret that data as authentication tokens or data (such as store item pricing or wallet information) then even opaquely manipulating that data may bear fruit for an Attacker. In this pattern an attacker undermines the assumption that client side tokens have been adequately protected from tampering through use of encryption or obfuscation.