Cross-Site Attack Vulnerability in Quarkus Form Authentication

Cross-Site Attack Vulnerability in Quarkus Form Authentication

CVE-2023-0044 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.

Learn more about our Web Application Penetration Testing UK.