Vulnerability CVE-2022-21712

Vulnerability Name:

CVE-2022-21712 (CCN-219441)

Assigned:

2021-11-16

Published:

2022-02-07

Updated:

2023-02-01

Summary:

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): None Availibility (A): None

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2022-21712

Source: XF
Type: UNKNOWN
twisted-cve202221712-info-disc(219441)

Source: security-advisories@github.com
Type: Patch, Third Party Advisory
security-advisories@github.com

Source: security-advisories@github.com
Type: Release Notes, Third Party Advisory
security-advisories@github.com

Source: CCN
Type: Twisted GIT Repository
Cookie and Authorization headers are sent when following a cross-origin redirect with twisted.web.client

Source: security-advisories@github.com
Type: Third Party Advisory
security-advisories@github.com

Source: security-advisories@github.com
Type: Mailing List, Third Party Advisory
security-advisories@github.com

Source: security-advisories@github.com
Type: Mailing List, Third Party Advisory
security-advisories@github.com

Source: security-advisories@github.com
Type: Mailing List, Third Party Advisory
security-advisories@github.com

Source: security-advisories@github.com
Type: Third Party Advisory
security-advisories@github.com

Source: CCN
Type: IBM Security Bulletin 6605065 (Watson Speech Services Cartridge for Cloud Pak for Data)
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cookie and authorization header exposure in Twisted (CVE-2022-21712).

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:3515	P	gstreamer-plugins-good-1.8.3-15.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95145	P	python3-Twisted-22.1.0-150400.3.3 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:119005	P	Security update for python-Twisted (Important)	2022-02-18
oval:org.opensuse.security:def:102096	P	Security update for python-Twisted (Important)	2022-02-18
oval:org.opensuse.security:def:119678	P	Security update for python-Twisted (Important)	2022-02-18
oval:org.opensuse.security:def:119112	P	Security update for python-Twisted (Important)	2022-02-18
oval:org.opensuse.security:def:102250	P	Security update for python-Twisted (Important)	2022-02-18
oval:org.opensuse.security:def:119310	P	Security update for python-Twisted (Important)	2022-02-18
oval:org.opensuse.security:def:1532	P	Security update for python-Twisted (Important)	2022-02-18
oval:org.opensuse.security:def:118815	P	Security update for python-Twisted (Important)	2022-02-18
oval:org.opensuse.security:def:119493	P	Security update for python-Twisted (Important)	2022-02-18
oval:org.opensuse.security:def:1689	P	Security update for python-Twisted (Important)	2022-02-18

BACK