CVE-2023-53957

Summary

Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session hijacking.

Affected Software

VendorProductVersion RangeStatus
KimaiKimai1.30.10affected

Weaknesses

  • CWE-1275: Sensitive Cookie with Improper SameSite Attribute

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

References