CVE-2022-31151

Public Exploit

Uncleared cookies on cross-host/cross-origin redirect in undici

Description

Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the 3rd party site. This was patched in v5.7.1. By default, this vulnerability is not exploitable. Do not enable redirections, i.e. `maxRedirections: 0` (the default).

References

Link	Tags
https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp	third party advisory
https://github.com/nodejs/undici/issues/872	issue tracking exploit third party advisory
https://hackerone.com/reports/1635514	third party advisory permissions required
https://security.netapp.com/advisory/ntap-20220909-0006/	third party advisory

Frequently Asked Questions

What is the severity of CVE-2022-31151?: CVE-2022-31151 has been scored as a low severity vulnerability.
How to fix CVE-2022-31151?: To fix CVE-2022-31151, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-31151 being actively exploited in the wild?: It is possible that CVE-2022-31151 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-31151?: CVE-2022-31151 affects nodejs undici.

Description

Categories

CWE-601 – URL Redirection to Untrusted Site ('Open Redirect')

CWE-346 – Origin Validation Error

References

Frequently Asked Questions