Hi,
Our security team has flagged a vulnerability when our Keycloak instance running in kubernetes using ngnix-ingress, was scanned via Qualys. Is this something to be worried about?
I have already configured Require SSL
to all requests
.
These are the url being tagged below:
- https://domain.com/auth
-
https://domain.com/auth/realms/master/protocol/openid-connect/3p-cookies/step1.html?version=89j5v
Cookie Does Not Contain The "secure" Attribute
Cookie Does Not Contain The "HTTPOnly" Attribute