GitLab now enforces expiry dates on tokens that originally had no set expiration date. Those tokens were given an expiration date of one year later. Please review your personal access tokens, project access tokens, and group access tokens to ensure you are aware of upcoming expirations. Administrators of GitLab can find more information on how to identify and mitigate interruption in our documentation.

[SEC-008] Session Cookies doesn't have HttpOnly flag

Description

A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.

Severity

This bug has severity LOW

Affected Url

/auth/login

Admin message

[SEC-008] Session Cookies doesn't have HttpOnly flag

Description

Severity

Affected Url

Attachment