In undici < 5.7.1, cookie headers are not cleared on cross-origin redirects. This may lead to accidental leakage of cookies to a third-party site, or allow a malicious attacker who can control the redirection target (i.e. an open redirector) to leak the cookie to the third-party site.
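The check a redirect-following client needs at each hop, as an added example that is not undici's code or part of the original report: compare the origin of the current URL with the resolved `Location`, and stop sending origin-bound headers once the chain leaves the origin. All function names, hosts and header values are hypothetical or constructed, and including `authorization` alongside `cookie` goes beyond what the report states.

```javascript
// Added example: names below are hypothetical, not undici's internals.
// Headers that carry credentials scoped to the origin that issued them.
// The report only discusses 'cookie'; 'authorization' is an added assumption.
const ORIGIN_BOUND_HEADERS = new Set(['cookie', 'authorization']);

// Resolve a Location value against the URL that produced it and report
// whether following it leaves the current origin (scheme + host + port).
function resolveRedirect(currentUrl, location) {
  const from = new URL(currentUrl);
  const to = new URL(location, from); // handles relative Location values
  return { url: to.href, crossOrigin: from.origin !== to.origin };
}

// Build the header set for the next hop. Names are compared in lower case
// because HTTP field names are case-insensitive.
function headersForNextHop(headers, crossOrigin) {
  const next = {};
  for (const [name, value] of Object.entries(headers)) {
    if (crossOrigin && ORIGIN_BOUND_HEADERS.has(name.toLowerCase())) continue;
    next[name] = value;
  }
  return next;
}

// Walk a redirect chain (no network access) and return what would be sent
// to each hop. Once a header is dropped it is never re-added, even if a
// later hop points back at the starting origin.
function followChain(startUrl, headers, locations) {
  const hops = [{ url: startUrl, headers }];
  let url = startUrl;
  let current = headers;
  for (const location of locations) {
    const step = resolveRedirect(url, location);
    current = headersForNextHop(current, step.crossOrigin);
    url = step.url;
    hops.push({ url, headers: current });
  }
  return hops;
}

// Constructed sample: a same-origin relative redirect, then an open
// redirector that points at another host.
const hops = followChain(
  'https://app.example/login',
  { Cookie: 'session=constructed-value', Accept: 'text/html' },
  ['/go?next=https://other.example/', 'https://other.example/']
);
for (const hop of hops) console.log(hop.url, Object.keys(hop.headers));
```
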
This issue has been addressed in the following products:
Red Hat Advanced Cluster Management for Kubernetes 2.4 for RHEL 8
Via RHSA-2022:6696 https://access.redhat.com/errata/RHSA-2022:6696
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):