CWE-315 8 件の CVE MITRE の定義 ↗

CWE-315: Cleartext Storage of Sensitive Information in a Cookie

概要

CWE-315（Cleartext Storage of Sensitive Information in a Cookie）は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。

セキュリティへの影響: セキュリティ影響：製品や文脈に依存します。CVE 記録、深刻度、MITRE の説明を参照して優先度を判断してください。

説明

The product stores sensitive information in cleartext in a cookie.

適用プラットフォーム

種別	名称	クラス	普遍性	OS / CPE
language	—	Not Language-Specific	Undetermined	—

このデータベースの関連 CVE

これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。

CVE	公開	概要
CVE-2026-25818	2026-03-13	HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have weak entropy for authentication cookies, allowing an atta…
CVE-2025-8528	2025-08-04	A vulnerability classified as problematic has been found in Exrick xboot up to 3.3.4. Affected is an unknown function of the file /xboot/permission/getMenuList. The manipulation leads to cleartext sto…
CVE-2025-4537	2025-05-11	A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.8.9 and classified as problematic. Affected by this issue is some unknown functionality of the file ruoyi-ui/jsencrypt.js and ruoyi-ui/logi…
CVE-2024-41290	2024-10-02	FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component.
CVE-2024-8644	2024-09-27	Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, : JSON Hijacking (aka JavaScript Hijacking). This issue affects ValeApp:…
CVE-2024-24768	2024-02-05	1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in …
CVE-2021-34564	2021-08-31	Any cookie-stealing vulnerabilities within the application or browser would enable an attacker to steal the user's credentials to the PEPPERL+FUCHS WirelessHART-Gateway 3.0.9.
CVE-2018-19941	2020-12-31	A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-availabl…

旧名称

Plaintext Storage in Cookie (2008-04-11)
Plaintext Storage in a Cookie (2013-07-17)

コンテンツ投稿

名称: PLOVER
日付: 2006-07-19
バージョン: Draft 3

コンテンツの変更履歴

日付	名称	バージョン	重要度	コメント
2008-07-01	Sean Eidemiller	1.0	—	added/updated demonstrative examples
2008-07-01	Eric Dalci	1.0	—	updated Time_of_Introduction
2008-09-08	CWE Content Team	1.0	—	updated Relationships, Taxonomy_Mappings
2011-06-01	CWE Content Team	1.13	—	updated Common_Consequences
2012-05-11	CWE Content Team	2.2	—	updated Demonstrative_Examples, Relationships
2013-07-17	CWE Content Team	2.5	—	updated Applicable_Platforms, Demonstrative_Examples, Description, Name, Observed_Examples, Potential_Mitigations, Terminology_Notes
2014-07-30	CWE Content Team	2.8	—	updated Demonstrative_Examples, Relationships, Taxonomy_Mappings
2017-11-08	CWE Content Team	3.0	—	updated Modes_of_Introduction, Relationships
2020-02-24	CWE Content Team	4.0	—	updated Relationships
2021-10-28	CWE Content Team	4.6	—	updated Relationships
2023-01-31	CWE Content Team	4.10	—	updated Description
2023-04-27	CWE Content Team	4.11	—	updated Detection_Factors, Relationships
2023-06-29	CWE Content Team	4.12	—	updated Mapping_Notes
2025-12-11	CWE Content Team	4.19	—	updated Relationships, Weakness_Ordinalities

貢献

タイプ	名称	日付	コメント
Content	Camille Gouttebroze	2024-10-28	reported a syntax error in demox 1

cvelogic Threat Intelligence