Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2023-07356

Опубликовано: 11 окт. 2023
Источник: fstec
CVSS3: 3.5
CVSS2: 4
EPSS Низкий

Описание

Уязвимость клиента HTTP/1.1 undici программной платформы Node.js связана с недостаточной защитой служебных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, раскрыть защищаемую информацию

Вендор

Red Hat Inc.
Сообщество свободного программного обеспечения
ООО «Ред Софт»
Fedora Project
Node.js Foundation

Наименование ПО

Red Hat Enterprise Linux
Red Hat Software Collections
Debian GNU/Linux
РЕД ОС
Fedora
OpenShift Serverless
OpenShift Dev Spaces
Node.js

Версия ПО

8 (Red Hat Enterprise Linux)
- (Red Hat Software Collections)
12 (Debian GNU/Linux)
7.3 (РЕД ОС)
9 (Red Hat Enterprise Linux)
37 (Fedora)
38 (Fedora)
- (OpenShift Serverless)
- (OpenShift Dev Spaces)
до 5.26.2 (Node.js)

Тип ПО

Операционная система
Прикладное ПО информационных систем
Сетевое программное средство

Операционные системы и аппаратные платформы

Red Hat Inc. Red Hat Enterprise Linux 8
Сообщество свободного программного обеспечения Debian GNU/Linux 12
ООО «Ред Софт» РЕД ОС 7.3
Red Hat Inc. Red Hat Enterprise Linux 9
Fedora Project Fedora 37
Fedora Project Fedora 38

Уровень опасности уязвимости

Средний уровень опасности (базовая оценка CVSS 2.0 составляет 4)
Низкий уровень опасности (базовая оценка CVSS 3.0 составляет 3,5)

Возможные меры по устранению уязвимости

Использование рекомендаций:
Для Node.js:
https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g
https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp
https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2023-45143
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2023-45143
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 24%
0.00078
Низкий

3.5 Low

CVSS3

4 Medium

CVSS2

Связанные уязвимости

redos логотип

ROS-20240916-03

CVSS3: 7.5
redos
11 месяцев назад

Множественные уязвимости nodejs

ubuntu логотип

CVE-2023-45143

CVSS3: 3.9
ubuntu
почти 2 года назад

Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici's implementation of fetch. As such this may lead to accidental leakage of cookie to a third-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the third party site. This was patched in version 5.26.2. There are no known workarounds.

redhat логотип

CVE-2023-45143

CVSS3: 3.9
redhat
почти 2 года назад

Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici's implementation of fetch. As such this may lead to accidental leakage of cookie to a third-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the third party site. This was patched in version 5.26.2. There are no known workarounds.

nvd логотип

CVE-2023-45143

CVSS3: 3.9
nvd
почти 2 года назад

Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici's implementation of fetch. As such this may lead to accidental leakage of cookie to a third-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the third party site. This was patched in version 5.26.2. There are no known workarounds.

msrc логотип

CVE-2023-45143

CVSS3: 3.5
msrc
почти 2 года назад

Описание отсутствует

EPSS

Процентиль: 24%
0.00078
Низкий

3.5 Low

CVSS3

4 Medium

CVSS2