Vulnerability Details : CVE-2022-31151
Authorization headers are cleared on cross-origin redirect. However, cookie headers, which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of a cookie to a third-party site, or a malicious attacker who can control the redirection target (i.e. an open redirector) may leak the cookie to the third-party site. This was patched in v5.7.1. By default, this vulnerability is not exploitable. Do not enable redirections, i.e. keep `maxRedirections: 0` (the default).
Vulnerability category: Open redirect
Products affected by CVE-2022-31151
- cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-31151
- EPSS score: 0.13% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~48% (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2022-31151
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | 3.9 | 2.5 | NIST | |
3.7 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N | 2.2 | 1.4 | GitHub, Inc. | |
CWE ids for CVE-2022-31151
- The product does not properly verify that the source of data or communication is valid. Assigned by: nvd@nist.gov (Secondary)
- A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks. Assigned by: security-advisories@github.com (Primary)
References for CVE-2022-31151
- https://security.netapp.com/advisory/ntap-20220909-0006/
  CVE-2022-31151 Node.js Vulnerability in NetApp Products | NetApp Product Security (Third Party Advisory)
- https://github.com/nodejs/undici/issues/872
  `authorization` header is not deleted on redirects to third party origins · Issue #872 · nodejs/undici · GitHub (Exploit; Issue Tracking; Third Party Advisory)
- https://hackerone.com/reports/1635514
  HackerOne (Permissions Required; Third Party Advisory)
- https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp
  Cookies uncleared on cross-host / cross-origin redirect · Advisory · nodejs/undici · GitHub (Third Party Advisory)