Vulnerability Name: CVE-2022-31151 (CCN-231975)
Assigned: 2022-07-18
Published: 2022-07-18
Updated: 2022-09-29
Summary: Authorization headers are cleared on cross-origin redirect. However, cookie headers, which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookies to a third-party site, or allow a malicious attacker who can control the redirection target (i.e. an open redirector) to leak the cookie to the third-party site. This was patched in v5.7.1. By default, this vulnerability is not exploitable. Do not enable redirections, i.e. `maxRedirections: 0` (the default).
CVSS v3 Severity:
6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
4.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
CVSS v2 Severity:
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
Vulnerability Type: CWE-601
Vulnerability Consequences: Obtain Information
References:
Source: MITRE Type: CNA CVE-2022-31151
Source: XF Type: UNKNOWN undici-cve202231151-info-disc(231975)
Source: MISC Type: Exploit, Issue Tracking, Third Party Advisory https://github.com/nodejs/undici/issues/872
Source: CCN Type: undici GIT Repository Cookies uncleared on cross-host / cross-origin redirect
Source: CONFIRM Type: Third Party Advisory https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp
Source: MISC Type: Permissions Required, Third Party Advisory https://hackerone.com/reports/1635514
Source: CONFIRM Type: Third Party Advisory https://security.netapp.com/advisory/ntap-20220909-0006/
Source: CCN Type: SNYK-JS-UNDICI-2957529 Information Exposure
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable