CSRF Cookie Insecure Attribute Vulnerability in Octopus Deploy

CSRF Cookie Insecure Attribute Vulnerability in Octopus Deploy

CVE-2019-19375 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. (The fix for this was backported to LTS versions 2019.6.14 and 2019.9.8.)

Learn more about our Web Application Penetration Testing UK.