Loading...

XML

Word

Printable

Type: Feature
Resolution: Won't Do
Priority: Major
Fix Version/s: None
Affects Version/s: None
Component/s: Core, Networking
Labels:
- ingress
- security

Activity Type:
Product / Portfolio Work
Parent Link:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Size:
None

Target Version:
None
Release Blocker:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Review Complete:
None
PX Priority Data:
None
PX Impact Score:
PX Technical Impact:
None
PX Impact Range:
None
PX Scheduling Request:
None
PX Technical Impact Notes:
None

Intelligence Requested:
Market:

Route should have option to set arbitrary path other than root / path for cookie.

Customer security team consider it to be security vulnerability since cookie root path can be accesses by other app as well.

Every cookie created by an application and stored on the user's browser must have a path attribute. If the path attribute is set to / it means that the cookie is valid for all directories in the /path. If there were other applications configured in other parts of the application say /appl1 and/appl3 , this session cookie will be valid for both of those applications. This is irrespective of whether the user is authorized to use those applications or not. The impact is high as the user can gain unauthorized access to other critical applications

...

Assignee:: Deepthi Dharwar (Inactive)

Reporter:: Deepthi Dharwar (Inactive)

Need Info From:: None

Contributors:: None

Architect:: None

QA Contact:: None

Doc Contact:: Ashley Hardin

Product Operations Engineering Contact:: None

Votes:: 1 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2023/08/07 6:29 AM

Updated:: 2025/09/02 9:23 PM

Resolved:: 2025/08/13 10:21 PM

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates