Bug 2121396 (CVE-2022-31151) - CVE-2022-31151 nodejs/undici: Cookie headers uncleared on cross-origin redirect
Summary: CVE-2022-31151 nodejs/undici: Cookie headers uncleared on cross-origin redirect
Alias: CVE-2022-31151
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 2121442
Blocks: 2110058
TreeView+ depends on / blocked
Reported: 2022-08-25 11:15 UTC by ybuenos
Modified: 2023-01-10 12:02 UTC (History)
8 users (show)

Fixed In Version: undici 5.7.1
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the undici package. After cookie headers are set, they are not cleared. This issue could allow an attacker to take advantage of this cookie, which could be used to control the redirection target.
Clone Of:
Last Closed: 2022-11-28 04:55:20 UTC

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:6696 0 None None None 2022-09-26 14:52:03 UTC

Description ybuenos 2022-08-25 11:15:59 UTC
In undici < 5.7.1, cookie headers remain uncleared on cross-origin redirect. This may lead to accidental leakage of cookie to a 3rd-party site or a malicious attacker, who can control the redirection target (ie. an open redirector), in order to leak the cookie to the 3rd party site.

Comment 3 errata-xmlrpc 2022-09-26 14:52:00 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.4 for RHEL 8

Via RHSA-2022:6696 https://access.redhat.com/errata/RHSA-2022:6696

Comment 4 Product Security DevOps Team 2022-11-28 04:55:18 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):


Note You need to log in before you can comment on or make changes to this bug.