exploitDog
CVE-2022-21712

Published: 08 Feb 2022
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the twisted.web.RedirectAgent and twisted.web.BrowserLikeRedirectAgent classes. Users are advised to upgrade. There are no known workarounds.

A flaw was found in the twisted Python library when its web client follows redirects via RedirectAgent and BrowserLikeRedirectAgent. Because the Cookie and Authorization headers of the original request are re-sent unchanged to the redirect target even when that target is on a different origin, an attacker who controls the redirect (for example, the operator of a site the client talks to, or anyone who can inject a Location header) can receive the client's cookies and authorization credentials.
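The following added example (written for this page, not code from the Twisted project) models the redirect-following logic the description refers to, without depending on Twisted itself. It walks a chain of constructed HTTP responses, once with the vulnerable behaviour (credential headers forwarded to every hop) and once with the corrected behaviour (Cookie and Authorization dropped whenever the redirect target's origin, meaning scheme, host and port, differs from the origin of the request). The URLs, header values and the in-memory response table are constructed for illustration; the origin comparison is the standard same-origin rule, not the exact code of the upstream fix.

```python
from urllib.parse import urljoin, urlsplit

# Credential-bearing headers that must not cross an origin boundary.
# These are the two headers named in the advisory text.
SENSITIVE_HEADERS = frozenset({"cookie", "authorization"})

DEFAULT_PORTS = {"http": 80, "https": 443}
REDIRECT_CODES = {301, 302, 303, 307, 308}


def origin(url):
    """Return (scheme, host, port) for a URL, filling in the default port.

    Host comparison is case-insensitive; an explicit default port
    (https://host:443) is treated the same as no port at all.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return (scheme, host, port)


def same_origin(url_a, url_b):
    return origin(url_a) == origin(url_b)


def headers_for_redirect(request_url, headers, location, strip_cross_origin=True):
    """Compute the next URL and the headers to send when following a redirect.

    strip_cross_origin=False reproduces the vulnerable behaviour described
    above: every header is forwarded to the redirect target unchanged.
    With the default, Cookie/Authorization are removed once the target is
    on a different origin. Relative Location values resolve against the
    request URL, so "/login" stays same-origin and keeps its headers.
    """
    target = urljoin(request_url, location)
    if strip_cross_origin and not same_origin(request_url, target):
        headers = {k: v for k, v in headers.items() if k.lower() not in SENSITIVE_HEADERS}
    return target, dict(headers)


def follow_redirects(url, headers, responses, max_redirects=5, strip_cross_origin=True):
    """Follow a redirect chain through a constructed response table.

    `responses` maps a URL to (status, location). Returns the list of
    (url, headers_sent) pairs, one per request actually made, so a caller
    can see exactly which headers reached which origin.
    """
    trace = []
    headers = dict(headers)
    for _ in range(max_redirects + 1):
        trace.append((url, dict(headers)))
        status, location = responses.get(url, (200, None))
        if status not in REDIRECT_CODES or not location:
            return trace
        url, headers = headers_for_redirect(url, headers, location, strip_cross_origin)
    raise RuntimeError("too many redirects")


# Constructed scenario: the API host answers with a redirect to an
# attacker-controlled origin (hypothetical hostnames).
RESPONSES = {
    "https://app.example/api": (302, "https://attacker.example/collect"),
    "https://attacker.example/collect": (200, None),
}
REQUEST_HEADERS = {
    "Cookie": "session=abc123",          # constructed value
    "Authorization": "Bearer t0k3n",     # constructed value
    "Accept": "application/json",
}


def credentials_leaked(strip_cross_origin):
    """Return True if a credential header reached a foreign origin."""
    trace = follow_redirects("https://app.example/api", REQUEST_HEADERS,
                             RESPONSES, strip_cross_origin=strip_cross_origin)
    start = "https://app.example/api"
    return any(
        not same_origin(start, hop_url) and any(h.lower() in SENSITIVE_HEADERS for h in sent)
        for hop_url, sent in trace
    )


if __name__ == "__main__":
    for mode, flag in (("vulnerable", False), ("hardened", True)):
        for hop_url, sent in follow_redirects("https://app.example/api", REQUEST_HEADERS,
                                              RESPONSES, strip_cross_origin=flag):
            print(f"{mode:10} -> {hop_url}: {sorted(sent)}")
```

Running the block prints the two traces side by side: in the vulnerable mode the second request to attacker.example carries Cookie and Authorization, in the hardened mode only Accept survives the origin change. The port check matters in practice: https://app.example:8443 is a different origin from https://app.example and must also lose the credential headers.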

Affected packages

Platform | Package | State | Advisory | Release date
Red Hat Ansible Automation Platform 1.2 | twisted[tls] | Affected | | 
Red Hat Ansible Automation Platform 2 | twisted[tls] | Affected | | 
Red Hat Ceph Storage 3 | python-twisted-core | Out of support scope | | 
Red Hat Enterprise Linux 6 | python-twisted | Out of support scope | | 
Red Hat OpenStack Platform 13 (Queens) | python-twisted | Out of support scope | | 
Red Hat Satellite 6 | python-twisted | Will not fix | | 
Red Hat Storage 3 | python-twisted-core | Affected | | 
Service Telemetry Framework 1.3 for RHEL 8 | python-twisted | Will not fix | | 
Red Hat OpenStack Platform 16.1 | python-twisted | Fixed | RHSA-2022:0982 | 24.03.2022
Red Hat OpenStack Platform 16.2 | python-twisted | Fixed | RHSA-2022:0992 | 23.03.2022


Additional information

Severity: Moderate
Weakness: CWE-346 (Origin Validation Error)
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2051865 (dev-python/twisted: secret exposure in cross-origin redirects)

EPSS
Score: 0.00241 (percentile: 47%), Low

CVSS3
7.5 High

Related vulnerabilities

ubuntu, CVSS3: 7.5, almost 4 years ago: same description as the advisory text above.

nvd, CVSS3: 7.5, almost 4 years ago: same description as the advisory text above.

msrc, CVSS3: 7.5, almost 4 years ago: Cookie and header exposure in twisted

debian, CVSS3: 7.5, almost 4 years ago: twisted is an event-driven networking engine written in Python. In aff ...

suse-cvrf, almost 4 years ago: Security update for python-Twisted
