Description
CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp and Ollama provider sessions. Attackers can position themselves on the network path to receive cleartext HTTP requests carrying imported session cookies when a provider-controlled redirect target issues a redirect to a cleartext HTTP endpoint within the same provider domain.
Published: 2026-06-01
Score: 8.2 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

CodexBar versions earlier than 0.32.0 permit the disclosure of user session cookies. When a session is imported from Amp or Ollama, the application does not check that the redirect target is served over HTTPS and will follow a redirect to a cleartext HTTP endpoint in the same provider domain. Because the imported session cookie is attached to that cleartext request, an attacker who can observe or modify traffic on the network path can read the cookie and use it to gain unauthorized access to the victim's session.

Affected Systems

The vulnerability affects all releases of steipete:CodexBar before 0.32.0. Users who rely on Amp or Ollama provider sessions are at risk, as the redirection mechanism used to establish these sessions can expose the session cookie.

Risk and Exploitability

The CVSS score of 8.2 indicates high severity, and the absence of an EPSS value means the exploitation likelihood is unknown, though it could be significant for a determined network attacker. This flaw is not listed in the CISA KEV catalog. Exploitation requires an attacker to be positioned on the network path so that they can observe or modify the HTTP traffic produced when the redirect to a cleartext endpoint is followed. The attack vector is therefore network interception rather than local or remote code execution. An attacker who can observe that traffic can extract the session cookie and replay it to access the user's session without authenticating.

Generated by OpenCVE AI on June 1, 2026 at 20:20 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade to CodexBar 0.32.0 or later.
  • If upgrading immediately is not possible, block or prohibit clear‑text HTTP redirects to provider domains by requiring HTTPS-only redirects in the application configuration or by enforcing HTTPS at the network level.
  • Validate redirect URLs to ensure they point to secure HTTPS endpoints and reject or rewrite any redirect that would lead to a clear‑text HTTP resource.
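The last two actions above amount to one rule: never follow a redirect that would carry the imported cookie over cleartext HTTP, even when the target stays inside the provider's own domain. The Python below is an added illustration written for this page, not CodexBar's code or the Amp/Ollama provider's real behaviour. It places a naive redirect-following client beside a hardened one and runs both against a constructed in-memory provider (the `provider.example` host, the routes, and the cookie value are all made up) so the cleartext leak and its prevention can be observed without any network.

```python
"""
Redirect validation that refuses HTTPS -> HTTP downgrades (CWE-319).

Constructed example: the provider, routes, cookie value and client
functions below are stand-ins written for this page, not CodexBar code.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Callable
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 5
REDIRECT_STATUSES = {301, 302, 303, 307, 308}


class InsecureRedirect(Exception):
    """Raised when a redirect would carry the session over cleartext HTTP."""


@dataclass
class Response:
    status: int
    headers: dict[str, str] = field(default_factory=dict)


Fetch = Callable[[str, dict[str, str]], Response]


def validate_redirect(current_url: str, location: str) -> str:
    """Resolve a Location header and reject any non-HTTPS target.

    Same-domain targets are NOT exempt: the leak described on this page
    is an http:// endpoint inside the provider's own domain.
    """
    target = urljoin(current_url, location)
    parts = urlsplit(target)
    if parts.scheme != "https" or not parts.netloc:
        raise InsecureRedirect(
            f"refusing redirect from {current_url} to non-HTTPS target {target}")
    return target


def hardened_fetch(url: str, cookie: str, fetch: Fetch) -> Response:
    """Follow redirects, sending the imported cookie only over HTTPS."""
    for _ in range(MAX_HOPS):
        if urlsplit(url).scheme != "https":
            raise InsecureRedirect(f"will not send session cookie to {url}")
        resp = fetch(url, {"Cookie": cookie})
        if resp.status not in REDIRECT_STATUSES:
            return resp
        url = validate_redirect(url, resp.headers.get("Location", ""))
    raise InsecureRedirect("too many redirects")


def naive_fetch(url: str, cookie: str, fetch: Fetch) -> Response:
    """The unsafe pattern: follow every Location header with the cookie attached."""
    for _ in range(MAX_HOPS):
        resp = fetch(url, {"Cookie": cookie})
        if resp.status not in REDIRECT_STATUSES:
            return resp
        url = urljoin(url, resp.headers.get("Location", ""))
    raise RuntimeError("too many redirects")


class FakeProvider:
    """In-memory provider (constructed) that records every request it sees."""

    def __init__(self, routes: dict[str, tuple[int, str | None]]):
        self.routes = routes
        self.log: list[tuple[str, dict[str, str]]] = []

    def __call__(self, url: str, headers: dict[str, str]) -> Response:
        self.log.append((url, dict(headers)))
        status, location = self.routes.get(url, (404, None))
        return Response(status, {"Location": location} if location else {})


# Same-domain downgrade: the shape the advisory describes.
DOWNGRADE_ROUTES = {
    "https://provider.example/login": (302, "http://provider.example/session"),
    "http://provider.example/session": (200, None),
}
# Relative Location that stays on HTTPS.
SAFE_ROUTES = {
    "https://provider.example/login": (302, "/session"),
    "https://provider.example/session": (200, None),
}
SESSION_COOKIE = "session=constructed-sample-value"  # constructed, not a real cookie


def cleartext_cookie_requests(log) -> list[str]:
    """URLs that received the cookie over plain http://."""
    return [u for u, h in log if urlsplit(u).scheme == "http" and "Cookie" in h]


def run(client, routes) -> tuple[str, list[str]]:
    """Run a client against a fake provider; return (outcome, leaked URLs)."""
    provider = FakeProvider(routes)
    try:
        resp = client("https://provider.example/login", SESSION_COOKIE, provider)
        outcome = f"status {resp.status}"
    except InsecureRedirect as exc:
        outcome = f"blocked: {exc}"
    return outcome, cleartext_cookie_requests(provider.log)


if __name__ == "__main__":
    for name, client in (("naive", naive_fetch), ("hardened", hardened_fetch)):
        for label, routes in (("downgrade", DOWNGRADE_ROUTES), ("safe", SAFE_ROUTES)):
            print(name, label, run(client, routes))
```

Running the module shows the naive client completing the downgrade chain with the cookie delivered to `http://provider.example/session`, while the hardened client stops at the first hop that would leave HTTPS and never issues the cleartext request. The check is made on the resolved absolute URL rather than on the raw `Location` string, so a relative path (which inherits the current HTTPS scheme) passes and an absolute `http://` target is refused regardless of host.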

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 19:00:00 +0000

Type        | Values Removed | Values Added
Description |                | CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp and Ollama provider sessions. Attackers can position themselves on the network path to receive cleartext HTTP requests carrying imported session cookies when a provider-controlled redirect target issues a redirect to a cleartext HTTP endpoint within the same provider domain.
Title       |                | CodexBar < 0.32.0 Session Cookie Exposure via HTTP Redirect
Weaknesses  |                | CWE-319
References  |                |
Metrics     |                | cvssV3_1: {'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}
            |                | cvssV4_0: {'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-01T18:46:08.612Z

Reserved: 2026-05-01T18:22:45.640Z

Link: CVE-2026-43625

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-01T19:16:47.813

Modified: 2026-06-01T19:16:47.813

Link: CVE-2026-43625

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T20:30:17Z

Weaknesses