Bug 2082190 (CVE-2022-1214)
| Summary: | CVE-2022-1214 axios: Exposure of Sensitive Information to an Unauthorized Actor | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Patrick Del Bello <pdelbell> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | unspecified | CC: | adudiak, amuller, anpicker, caswilli, erooth, fjansen, hkataria, jhadvig, jwong, kaycoth, kholdawa, kshier, rfreiman, spasquie |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | axios 0.26 | Doc Type: | If docs needed, set a value |
| Doc Text: |
[REJECTED CVE] A vulnerability has been identified in the axios library where cookies can be leaked to unauthorized domains during HTTP redirects. This occurs because axios includes the original Cookie header when following a Location redirect to a different domain, violating the same-origin policy. An attacker could exploit this by redirecting requests to their controlled domain, gaining access to sensitive cookies and potentially hijacking user accounts.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-05-09 11:23:39 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2082259, 2082353, 2082354, 2082355, 2082356, 2082470, 2082471, 2082472, 2082473, 2082474, 2082475, 2082476, 2082477, 2082478, 2082479, 2082480, 2082481, 2082482, 2082483, 2082484, 2082485, 2082486, 2082487, 2082488, 2082489 | ||
| Bug Blocks: | 2082192 | ||
|
Description
Patrick Del Bello
2022-05-05 14:45:21 UTC
|