Sensitive Cookie with Improper SameSite Attribute
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-1275: Sensitive Cookie with Improper SameSite Attribute |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
Found a configuration file where the same_site attribute is not set to ’lax’ or ‘strict’. Setting ‘same_site’ to ’lax’ or ‘strict’ restricts cookies to a first-party or same-site context, which will protect your cookies and prevent CSRF.