Bug 2121396 (CVE-2022-31151)
Summary: | CVE-2022-31151 nodejs/undici: Cookie headers uncleared on cross-origin redirect | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | ybuenos |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | fjansen, gparvin, jramanat, nboldt, njean, pahickey, scorneli, stcannon |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | undici 5.7.1 | Doc Type: | If docs needed, set a value |
Doc Text: | A flaw was found in the undici package. After cookie headers are set, they are not cleared. This issue could allow an attacker to take advantage of this cookie, which could be used to control the redirection target. |
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2022-11-28 04:55:20 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2121442 | ||
Bug Blocks: | 2110058 |
Description
ybuenos
2022-08-25 11:15:59 UTC
This issue has been addressed in the following products:

Red Hat Advanced Cluster Management for Kubernetes 2.4 for RHEL 8

Via RHSA-2022:6696 https://access.redhat.com/errata/RHSA-2022:6696

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-31151