Bugzilla – Bug 922233
VUL-0: CVE-2013-7436: novnc: session hijack through insecurely set session token cookies
Last modified: 2022-02-13 11:07:26 UTC
novnc may set a cookie without the secure flag set. This may cause the cookie to also be sent for requests to non-secure connections, thus leaking session data.

From the upstream commit:

Adds support for secure attribute on token cookie

This patch adds support for the secure attribute on token cookies (sent by nova-novncproxy). If HTTPS is used to transfer the cookie, the secure attribute is set, thus restricting server requests to secure connections only. This should prevent man-in-the-middle attacks.

https://github.com/kanaka/noVNC/commit/ad941faddead705cd611921730054767a0b32dcd

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7436
http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7436.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778618
https://bugzilla.redhat.com/show_bug.cgi?id=1193451
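The cookie behaviour described in the report, as an added example that is not noVNC's or nova-novncproxy's own code: a pure-JavaScript model of the token cookie string before and after the fix, plus a minimal model of the browser's send decision for the Secure attribute. The function names, the sample token and the `protocol` argument (standing in for `document.location.protocol`) are this example's own assumptions; it runs under Node without a DOM.

```javascript
// Added example, not noVNC's code. Models the missing Secure attribute on the
// token cookie and the fix, and shows why the attribute matters.

// Parse "name=value; attr; attr=val" into { name, value, attrs }; attribute
// names are lower-cased, bare attributes (e.g. "secure") map to true.
function parseCookie(cookieStr) {
  const parts = cookieStr.split(";").map((p) => p.trim()).filter(Boolean);
  const eq = parts[0].indexOf("=");
  const name = parts[0].slice(0, eq);
  const value = parts[0].slice(eq + 1);
  const attrs = {};
  for (const attr of parts.slice(1)) {
    const i = attr.indexOf("=");
    if (i === -1) attrs[attr.toLowerCase()] = true;
    else attrs[attr.slice(0, i).trim().toLowerCase()] = attr.slice(i + 1).trim();
  }
  return { name, value, attrs };
}

// Pre-fix behaviour: the token cookie carries only a path, so the browser
// attaches it to every request to the host, plaintext http included.
function createCookieVulnerable(name, value) {
  return name + "=" + value + "; path=/";
}

// Fixed behaviour: when the client page itself was loaded over https, append
// the Secure attribute so the browser only ever sends the cookie over TLS.
// `protocol` stands in for document.location.protocol (assumed argument).
function createCookieFixed(name, value, protocol) {
  const secure = protocol === "https:" ? "; secure" : "";
  return name + "=" + value + "; path=/" + secure;
}

// Minimal model of the browser's send decision for the one attribute at
// issue: a cookie marked Secure is never sent on a non-https request.
function browserWouldSend(cookieStr, requestScheme) {
  const { attrs } = parseCookie(cookieStr);
  if (attrs.secure === true && requestScheme !== "https") return false;
  return true;
}

// Walk through the scenario from the bug: the page is served over https and
// stores the token; an on-path attacker then induces a plaintext request to
// the same host (for example via an injected http:// image URL).
function demo() {
  const token = "abc123"; // constructed sample token, not a real one
  const vulnerable = createCookieVulnerable("token", token);
  const fixed = createCookieFixed("token", token, "https:");
  return {
    vulnerableLeaksOverHttp: browserWouldSend(vulnerable, "http"), // true
    fixedLeaksOverHttp: browserWouldSend(fixed, "http"),           // false
    fixedSentOverHttps: browserWouldSend(fixed, "https"),          // true
  };
}

console.log(demo());
```

Two caveats a practitioner will want to keep in mind: the fix only adds Secure when the browser loaded the noVNC page over https, so a deployment that serves the console page over plain http still leaks the token regardless of this patch; and because the cookie is written from JavaScript via `document.cookie`, it cannot carry HttpOnly, so the Secure attribute is the only transport protection available for it. To verify a deployed instance, inspect the stored `token` cookie in the browser's developer tools and confirm the Secure flag is set after loading the console over https.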
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-03-27. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/61101
bugbot adjusting priority
I think both Cloud 4 and Cloud 5 are affected.
added to Cloud:OpenStack:Icehouse/novnc Cloud:OpenStack:Juno/novnc
I had the package excluded when trying to check the patchinfo in. However the patchinfo vanished, so probably someone else cared.
Not pursuing Cloud 4 update. Releasing Cloud 5 update, this should exhaust this issue.
SUSE-SU-2015:1300-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 922233
CVE References: CVE-2013-7436
Sources used:
SUSE Cloud 5 (src): novnc-0.4-0.13.1
all released