Running the latest docker build. Our security audit reported the below:
Summary
The host is running a server with SSL/TLS and is prone to information disclosure vulnerability.
Detection Result
The cookies: Set-Cookie: PHPSESSID=replaced; path=/; HttpOnly; SameSite=Lax are missing the “secure” attribute.
Insight
The flaw is due to cookie is not using ‘secure’ attribute, which allows cookie to be passed to the server by the client over non-secure channels (http) and allows attacker to conduct session hijacking attacks.
Detection Method
Details: SSL/TLS: Missing secure Cookie Attribute
OID: 1.3.6.1.4.1.25623.1.0.902661
Affected Software/OS
Server with SSL/TLS.
Impact
Solution
Solution Type: Mitigation
Set the ‘secure’ attribute for any cookies that are sent over a SSL/TLS connection.
Any way to fix this issue?
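
A way to re-check the finding after changing the configuration, as an added example that is not part of the original post or of the scanner: for a PHP session cookie such as PHPSESSID the attribute is governed by PHP's session.cookie_secure setting unless the application sets its own session cookie parameters. The function names and the sample headers below are constructed for illustration; the first sample is the header quoted in the report.

```python
def parse_set_cookie(header):
    """Split one Set-Cookie header into (cookie name, {attribute: value}).

    Attribute names are lower-cased because they are case-insensitive.
    """
    if header.lower().startswith("set-cookie:"):
        header = header.split(":", 1)[1]
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_cookie(header, over_tls=True):
    """Return (cookie name, list of findings) for one Set-Cookie header."""
    name, attrs = parse_set_cookie(header)
    findings = []
    # The finding from the report: cookie issued over TLS without Secure,
    # so the browser will also send it over plain http.
    if over_tls and "secure" not in attrs:
        findings.append("missing Secure")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    samesite = attrs.get("samesite", "").lower()
    if not samesite:
        findings.append("missing SameSite")
    elif samesite == "none" and "secure" not in attrs:
        # Browsers reject SameSite=None cookies that lack Secure.
        findings.append("SameSite=None without Secure")
    return name, findings


# Constructed sample input: the reported header, the same header after the
# fix, and an unrelated weak cookie.
SAMPLE_HEADERS = [
    "Set-Cookie: PHPSESSID=replaced; path=/; HttpOnly; SameSite=Lax",
    "Set-Cookie: PHPSESSID=replaced; path=/; secure; HttpOnly; SameSite=Lax",
    "Set-Cookie: theme=dark; SameSite=None",
]

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        name, findings = audit_cookie(h)
        print(name, "OK" if not findings else "; ".join(findings))
```

Feed it the Set-Cookie lines captured from the HTTPS response of the rebuilt container; an empty findings list for PHPSESSID means the scanner's check should no longer fire.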