Quarkus Form Auth Cookie Path XSS Info Disclosure
CVE-2023-0044 Published on February 23, 2023
If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.
Products Associated with CVE-2023-0044
stack.watch emails you whenever new vulnerabilities are published in Quarkus or Red Hat Build Of Quarkus. Just hit a watch button to start following.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.