Hi Team,
We ran Burp Suite against AWX 9.0.1 deployed on a Kubernetes cluster and found the vulnerabilities below:
- The following cookie was issued by the application and does not have the secure flag set:
- sessionid
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function. This issue was found in multiple locations under the reported path.
- The following cookie was issued by the application and does not have the secure flag set:
- csrftoken
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function. This issue was found in multiple locations under the reported path.
- The following cookies were issued by the application and do not have the secure flag set:
- csrftoken
- sessionid
The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
- The following cookies were issued by the application and do not have the secure flag set:
- csrftoken
- sessionid
- current_user
The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
- The following cookie was issued by the application and does not have the secure flag set:
- userLoggedIn
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
- The page contains a form with the following action URL, which is submitted using the GET method:
- https://10.61.244.164:32164/static/partials/login/loginModal/loginModal.partial.html
The form contains the following password field:
- login_password
- The page contains a form with the following action URL, which is submitted using the GET method:
- https://10.61.244.164:32164/static/partials/templates/prompt/steps/survey/prompt-survey.partial.html
The form contains the following password field:
- survey_question_{{$index}}
- The following cookie was issued by the application and does not have the HttpOnly flag set:
- csrftoken
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function. This issue was found in multiple locations under the reported path.
- The following cookie was issued by the application and does not have the HttpOnly flag set:
- csrftoken
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
- The following cookies were issued by the application and do not have the HttpOnly flag set:
- csrftoken
- current_user
The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
- The following cookie was issued by the application and does not have the HttpOnly flag set:
- userLoggedIn
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
- The page contains a form with the following action URL:
- https://10.61.244.164:32164/static/partials/login/loginModal/loginModal.partial.html
The form contains the following password field with autocomplete enabled:
- login_password
- The response states that the content type is application/octet-stream. However, it actually appears to contain unrecognized content.
The following browsers may interpret the response as HTML:
- Internet Explorer 11
- Internet Explorer 11 (Compatibility Mode)
- Edge
- The value of the URL path folder 1 is copied into the application's response.
- The following email address was disclosed in the response:
- The following RFC 1918 IP address was disclosed in the response:
- 192.168.2.100
- The following RFC 1918 IP addresses were disclosed in the response:
- 10.102.98.102
- 10.111.187.58
- 10.96.0.1
- 10.96.45.199
- 10.97.245.66
- If a response states that it contains HTML content but does not specify a character set, then the browser may analyze the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application’s defensive filters.
In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of affected responses, and the context in which they appear, to determine whether any vulnerability exists.
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html
Is it possible to confirm whether these are genuine and need to be addressed, or whether it is safe to ignore them?
Regards,
Amit
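A small checker for the cookie-flag findings in the post above, added here as an example (it is not AWX code and not part of the original message). It parses the Set-Cookie headers of a raw HTTP response and reports each cookie missing Secure or HttpOnly, weighting cookies the scan treated as session-bearing; the sample response is constructed to mimic the quoted headers, and the cookie values are placeholders.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Cookie names the Burp findings above treat as session-bearing.
SESSION_LIKE = {"sessionid", "csrftoken", "current_user"}

@dataclass
class CookieAudit:
    name: str
    secure: bool
    httponly: bool
    samesite: Optional[str]
    findings: List[str] = field(default_factory=list)
    severity: str = "info"

def parse_set_cookie(header_value: str) -> CookieAudit:
    """Parse one Set-Cookie value ('name=value; Attr; Attr=val') into flag booleans."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()  # bare flags such as Secure map to ""
    return CookieAudit(name, "secure" in attrs, "httponly" in attrs, attrs.get("samesite") or None)

def audit_response(raw: str) -> Dict[str, CookieAudit]:
    """Walk a raw HTTP response and record each cookie missing Secure or HttpOnly."""
    results: Dict[str, CookieAudit] = {}
    for line in raw.splitlines():
        if not line.lower().startswith("set-cookie:"):
            continue
        audit = parse_set_cookie(line.split(":", 1)[1])
        if not audit.secure:
            audit.findings.append("missing Secure")
        if not audit.httponly:
            audit.findings.append("missing HttpOnly")
        if audit.findings:
            # Same reasoning as the scanner: a session-bearing cookie raises the risk.
            audit.severity = "high" if audit.name in SESSION_LIKE else "low"
        results[audit.name] = audit
    return results

# Constructed response modelled on the headers quoted in the post; not a real AWX capture.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n"
    "Set-Cookie: sessionid=CONSTRUCTED_SESSION; Path=/; HttpOnly\r\n"
    "Set-Cookie: csrftoken=CONSTRUCTED_TOKEN; Path=/\r\n"
    "Set-Cookie: userLoggedIn=true; Path=/\r\n"
    "Set-Cookie: current_user=%7B%7D; Path=/; Secure; HttpOnly; SameSite=Lax\r\n\r\n"
)
```

On a Django-based application such as AWX, the Secure and HttpOnly attributes of these cookies are governed by the SESSION_COOKIE_SECURE, CSRF_COOKIE_SECURE and CSRF_COOKIE_HTTPONLY settings; note that csrftoken is normally left readable by script because the web UI reads it to populate the X-CSRFToken request header, so only the Secure finding applies cleanly to it when the UI is served over HTTPS.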