Bug 2076133 (CVE-2022-1365)
Summary: | CVE-2022-1365 cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Sandipan Roy <saroy> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | aileenc, alazarot, amackenz, amasferr, anstephe, asoldano, avibelli, bbaranow, bgeorges, bmaxwell, brian.stansberry, cdewolf, chazlett, darran.lofthouse, dkreling, dosoudil, drieden, dwhatley, dymurray, emingora, etirelli, fboucher, fjuma, ggaughan, gmalinko, go-sig, gparvin, ibek, ibolton, iweiss, janstey, jmatthew, jmontleo, jochrist, jramanat, jrokos, jstastny, jwendell, jwon, krathod, kverlaen, lgao, lmohanty, lthon, madam, mkudlej, mnovotny, mosmerov, msochure, msvehla, mszynkie, njean, nwallace, openstack-sig, oskutka, ovanders, pabelanger, pahickey, pdelbell, peholase, pgallagh, pjindal, pmackay, pvalena, rcernich, rguimara, rrajasek, rruss, rstancel, rsvoboda, ruby-packagers-sig, slucidi, smaestri, sseago, stcannon, strzibny, thrcka, tjochec, tkral, tom.jenkinson, twalsh, tzimanyi, vondruch, zebob.m |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | cross-fetch 3.1.5 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in the cross-fetch library: when it fetches a remote URL with a cookie and follows the Location response header, the cookie is leaked. This flaw allows an attacker to hijack the account using the leaked cookie.
|
Last Closed: | 2022-05-03 20:46:13 UTC | Type: | --- |
Bug Depends On: | 2076223, 2079141, 2079142, 2079143, 2079144 | ||
Bug Blocks: | 2076135 |
Description
Sandipan Roy
2022-04-18 04:00:28 UTC
This issue has been addressed in the following products:

Red Hat Advanced Cluster Management for Kubernetes 2.4 for RHEL 8

Via RHSA-2022:1681 https://access.redhat.com/errata/RHSA-2022:1681

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-1365

This issue has been addressed in the following products:

Red Hat Migration Toolkit for Containers 1.7

Via RHSA-2022:5840 https://access.redhat.com/errata/RHSA-2022:5840

This issue has been addressed in the following products:

RHPAM 7.13.1 async

Via RHSA-2022:6813 https://access.redhat.com/errata/RHSA-2022:6813