gwhittemore-veracode / Veracode-GW-Training-demo

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute [VID:614:com/veracode/verademo/controller/UserController.java:173] #144

Open github-actions[bot] opened 2 years ago

github-actions[bot] commented 2 years ago

https://github.com/gwhittemore-veracode/Veracode-GW-Training-demo/blob/2add22ec1b5a85a51e5134a9af33bf2e99488d44/com/veracode/verademo/controller/UserController.java#L168-L178

Filename: com/veracode/verademo/controller/UserController.java

Line: 173

CWE: 614 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute)

This call to javax.servlet.http.HttpServletResponse.addCookie() adds a cookie to the HTTP response that does not have the Secure attribute set. Failing to set this attribute allows the browser to send the cookie unencrypted over an HTTP session. Set the Secure attribute for all cookies used by HTTPS sessions. References: CWE OWASP

github-actions[bot] commented 2 years ago

Veracode issue link to PR: https://github.com/gwhittemore-veracode/Veracode-GW-Training-demo/pull/7

github-actions[bot] commented 1 year ago

Veracode issue link to PR: https://github.com/gwhittemore-veracode/Veracode-GW-Training-demo/pull/174