Exposure of Sensitive Information to an Unauthorized Actor in NPM follow-redirects prior to 1.14.8 via Authorization Header leak.
References:
  https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db
  https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445
Created cockatrice tracking bugs for this issue: Affects: fedora-all [bug 2062721]
Created couchdb tracking bugs for this issue: Affects: fedora-all [bug 2062722]
Created golang-github-cockroachdb-cockroach tracking bugs for this issue: Affects: fedora-all [bug 2062723]
Created golang-github-hashicorp-consul-api tracking bugs for this issue: Affects: fedora-all [bug 2062724]
Created golang-github-hashicorp-consul-sdk tracking bugs for this issue: Affects: fedora-all [bug 2062725]
Created golang-github-prometheus tracking bugs for this issue: Affects: epel-all [bug 2062720]
Created golang-vitess tracking bugs for this issue: Affects: fedora-all [bug 2062726]
Created grafana tracking bugs for this issue: Affects: fedora-all [bug 2062727]
Created openvas-gsa tracking bugs for this issue: Affects: fedora-all [bug 2062728]
Created zuul tracking bugs for this issue: Affects: fedora-all [bug 2062729]
This issue has been addressed in the following products:
  Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 7
  Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8
Via RHSA-2022:1083 https://access.redhat.com/errata/RHSA-2022:1083
services-assisted-installer/facet:077f828/follow-redirects-1.14.7 https://github.com/openshift-assisted/assisted-ui/blob/master/yarn.lock
services-compliance/compliance/compliance-frontend:5aa9b1f/follow-redirects-1.14.7 https://github.com/RedHatInsights/compliance-frontend/blob/master/package-lock.json
services-openshift-cluster-manager/ocm/uhc-portal:2e62632/follow-redirects-1.13.3 https://gitlab.cee.redhat.com/service/uhc-portal/blob/master/yarn.lock
services-openshift-cluster-manager/ocm/uhc-portal:2e62632/follow-redirects-1.14.6 https://gitlab.cee.redhat.com/service/uhc-portal/blob/master/yarn.lock
services-openshift-cluster-manager/ocm/uhc-portal:2e62632/follow-redirects-1.5.10 https://gitlab.cee.redhat.com/service/uhc-portal/blob/master/yarn.lock
This issue has been addressed in the following products:
  Red Hat Advanced Cluster Management for Kubernetes 2.4 for RHEL 8
Via RHSA-2022:1476 https://access.redhat.com/errata/RHSA-2022:1476
This issue has been addressed in the following products:
  Red Hat Advanced Cluster Management for Kubernetes 2.4 for RHEL 8
Via RHSA-2022:1681 https://access.redhat.com/errata/RHSA-2022:1681
This issue has been addressed in the following products:
  Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 7
  Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8
Via RHSA-2022:1715 https://access.redhat.com/errata/RHSA-2022:1715
This issue has been addressed in the following products:
  OpenShift Service Mesh 2.1
Via RHSA-2022:1739 https://access.redhat.com/errata/RHSA-2022:1739
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-0536
This issue has been addressed in the following products:
  Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8
  Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 7
Via RHSA-2022:5392 https://access.redhat.com/errata/RHSA-2022:5392
This issue has been addressed in the following products:
  Red Hat Migration Toolkit for Containers 1.7
Via RHSA-2022:5483 https://access.redhat.com/errata/RHSA-2022:5483
This issue has been addressed in the following products:
  Red Hat OpenShift Data Foundation 4.11 on RHEL8
Via RHSA-2022:6156 https://access.redhat.com/errata/RHSA-2022:6156
This issue has been addressed in the following products:
  RHINT Service Registry 2.3.0 GA
Via RHSA-2022:6835 https://access.redhat.com/errata/RHSA-2022:6835
This issue has been addressed in the following products:
  Red Hat Openshift distributed tracing 2.6
Via RHSA-2022:7055 https://access.redhat.com/errata/RHSA-2022:7055