Description
CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp and Ollama provider sessions. Attackers can position themselves on the network path to receive cleartext HTTP requests carrying imported session cookies when a provider-controlled redirect target issues a redirect to a cleartext HTTP endpoint within the same provider domain.
Published: 2026-06-01
Score: 8.2 High (CVSS v4.0; the CVSS v3.1 vector on the record scores 5.9 Medium)
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

CodexBar versions earlier than 0.32.0 can disclose a user's imported session cookie. When a session is imported from Amp or Ollama, the application follows a provider-controlled redirect without checking that the target keeps HTTPS; if that redirect points at a cleartext HTTP endpoint on the same provider domain, the client repeats the request over plain HTTP with the imported session cookie attached. An attacker who can observe or modify traffic on the network path reads the cookie from that cleartext request and can replay it to use the victim's provider session.

Affected Systems

The vulnerability affects all releases of steipete:CodexBar before 0.32.0. Users who rely on Amp or Ollama provider sessions are at risk, as the redirection mechanism used to establish these sessions can expose the session cookie.

Risk and Exploitability

The CVSS v4.0 score of 8.2 (High) reflects a network attack vector, low attack complexity and high confidentiality impact, but with attack requirements present (AT:P): the attacker must already sit on the network path, and the provider must actually issue a redirect to a cleartext endpoint. The CVSS v3.1 vector rates the same conditions as 5.9 (Medium) with high attack complexity. The EPSS score is below 1% (very low), the SSVC enrichment on the record reports no known exploitation and rates the flaw as not automatable, and it is not listed in the CISA KEV catalog. Exploitation requires a position from which cleartext HTTP traffic between the client and the provider can be observed or modified (for example, a shared Wi-Fi network or a compromised router); no code runs on the victim's machine and no authentication is needed. A captured session cookie can be replayed to access the victim's provider session.

Generated by OpenCVE AI on June 1, 2026 at 20:20 UTC.

Remediation

The CVE record lists no vendor fix or workaround reference. The description identifies releases prior to 0.32.0 as affected, which points to 0.32.0 as the fixing release.

OpenCVE Recommended Actions

  • Upgrade to CodexBar 0.32.0 or later; the description identifies only releases before 0.32.0 as affected.
  • Until the upgrade is applied, avoid importing Amp or Ollama provider sessions on untrusted networks. The downgrade redirect is issued by the provider, and the record describes no application setting that blocks it, so the exposure can only be reduced by not exercising the affected flow where traffic can be intercepted.
  • After upgrading, or if an affected session was used on an untrusted network, sign out and re-authenticate to the provider so that any cookie that may have been observed in cleartext is invalidated.
  • For maintainers of any client that follows redirects with imported browser cookies: validate each redirect target before following it, refuse any step from https:// to http:// even within the same domain, and never attach session cookies to a cleartext request.

Generated by OpenCVE AI on June 1, 2026 at 20:20 UTC.
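The following Python is an added illustration of the redirect-handling flaw described under Impact and of the redirect validation proposed under Recommended Actions. It is example code written for this page, not CodexBar's implementation and not part of the OpenCVE analysis. It simulates a client that imports a browser session cookie and follows provider redirects: the pre-fix style policy follows a same-domain 302 from https:// to http:// and sends the cookie in cleartext, while the hardened policy refuses the scheme downgrade and, as a second independent layer, withholds the cookie from any non-HTTPS request. The hostname, paths, cookie value and the in-memory "transport" standing in for the provider are all constructed so the example runs offline.

```python
"""Redirect-downgrade cookie leak (CWE-319) and two defences.

Added example, not CodexBar's code. The provider, URLs and cookie are constructed.
"""
from dataclasses import dataclass, field
from typing import Callable
from urllib.parse import urlsplit

MAX_REDIRECTS = 5
REDIRECT_STATUSES = (301, 302, 303, 307, 308)


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)


@dataclass
class Request:
    url: str
    cookies: dict  # cookies that actually went on the wire for this hop


class DowngradeRefused(Exception):
    """Raised when a redirect would carry a cookie-bearing request to cleartext."""


# Constructed stand-in for the network: URL -> canned provider response. The
# provider-controlled redirect target answers with a 302 to a cleartext endpoint
# on the same domain, the shape described in the advisory.
CONSTRUCTED_PROVIDER = {
    "https://provider.example/session/import": Response(
        302, {"Location": "http://provider.example/session/verify"}),
    "http://provider.example/session/verify": Response(200),
    "https://provider.example/session/verify": Response(200),
}


def vulnerable_policy(current: str, target: str) -> bool:
    """Pre-fix style: any redirect that stays on the provider domain is followed;
    the scheme of the target is never inspected."""
    return urlsplit(current).hostname == urlsplit(target).hostname


def hardened_policy(current: str, target: str) -> bool:
    """Same-domain redirects only, and never from https:// down to http://."""
    cur, tgt = urlsplit(current), urlsplit(target)
    if cur.hostname != tgt.hostname:
        return False  # stop following, no request is made to the foreign host
    if cur.scheme == "https" and tgt.scheme != "https":
        raise DowngradeRefused(f"refusing https->http redirect to {target}")
    return True


def send_with_cookies(start_url: str, session_cookies: dict,
                      policy: Callable[[str, str], bool],
                      transport: dict = CONSTRUCTED_PROVIDER,
                      secure_cookies_only: bool = False) -> list:
    """Follow redirects from start_url and return the Requests that went on the wire.

    With secure_cookies_only=True the imported cookies are treated as Secure and
    attached only to https:// hops, a second layer independent of the policy.
    """
    wire: list = []
    url = start_url
    for _ in range(MAX_REDIRECTS + 1):
        attach = not secure_cookies_only or urlsplit(url).scheme == "https"
        wire.append(Request(url, dict(session_cookies) if attach else {}))
        resp = transport[url]
        if resp.status not in REDIRECT_STATUSES:
            return wire
        target = resp.headers["Location"]
        if not policy(url, target):
            return wire
        url = target
    raise RuntimeError("too many redirects")


def cleartext_cookie_hops(wire: list) -> list:
    """URLs of hops that carried a non-empty cookie set over plain http."""
    return [r.url for r in wire if urlsplit(r.url).scheme == "http" and r.cookies]


def run_demo() -> dict:
    """Run both clients against the constructed provider and report what leaked."""
    start = "https://provider.example/session/import"
    cookies = {"session": "constructed-session-token"}  # stands in for the imported cookie
    leaked = send_with_cookies(start, cookies, vulnerable_policy)
    try:
        send_with_cookies(start, cookies, hardened_policy)
        refused = False
    except DowngradeRefused:
        refused = True
    return {"vulnerable_cleartext_hops": cleartext_cookie_hops(leaked),
            "hardened_refused": refused}


if __name__ == "__main__":
    print(run_demo())
```

Running it shows the vulnerable client making a cleartext request to the verify endpoint with the cookie attached, and the hardened client stopping at the redirect. The two defences are deliberately separate: refusing the downgrade protects whatever the request carries, while marking imported cookies Secure means that even a client that does follow such a redirect sends it without the session cookie.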

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 02:30:00 +0000

Values removed: none
Values added:
  First Time appeared: Steipete; Steipete codexbar
  Vendors & Products: Steipete; Steipete codexbar

Mon, 01 Jun 2026 22:30:00 +0000

Values removed: none
Values added:
  Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 19:00:00 +0000

Values removed: none
Values added:
  Description: CodexBar prior to 0.32.0 contains a session cookie leakage vulnerability that allows network attackers to intercept imported browser session cookies by exploiting improper redirect handling for Amp and Ollama provider sessions. Attackers can position themselves on the network path to receive cleartext HTTP requests carrying imported session cookies when a provider-controlled redirect target issues a redirect to a cleartext HTTP endpoint within the same provider domain.
  Title: CodexBar < 0.32.0 Session Cookie Exposure via HTTP Redirect
  Weaknesses: CWE-319
  References: (none listed)
  Metrics (cvssV3_1): {'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}
  Metrics (cvssV4_0): {'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-01T21:19:08.283Z

Reserved: 2026-05-01T18:22:45.640Z

Link: CVE-2026-43625

Vulnrichment

Updated: 2026-06-01T21:19:05.963Z

NVD

Status : Deferred

Published: 2026-06-01T19:16:47.813

Modified: 2026-06-02T14:43:49.920

Link: CVE-2026-43625

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T20:52:50Z

Weaknesses
  • CWE-319: Cleartext Transmission of Sensitive Information