01642 06 11 11 Arrange Call

Cross-Site Attack Vulnerability in Quarkus Form Authentication

CVE-2023-0044 · MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVE-2023-0044

If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.

Learn more about our Web Application Penetration Testing UK.