CVE-2022-24719

{"id": "CVE-2022-24719", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.6, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.2}]}, "published": "2022-03-01T21:15:07.923", "references": [{"url": "https://github.com/fluture-js/fluture-node/commit/0c99bc511533d48be17dc6bfe641f7d0aeb34d77", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/fluture-js/fluture-node/commit/125e4474f910c1507f8ec3232848626fbc0f55c4", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/fluture-js/fluture-node/security/advisories/GHSA-32x6-qvw6-mxj4", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/psf/requests/pull/4718", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-212"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-359"}]}], "descriptions": [{"lang": "en", "value": "Fluture-Node is a FP-style HTTP and streaming utils for Node based on Fluture. Using `followRedirects` or `followRedirectsWith` with any of the redirection strategies built into fluture-node 4.0.0 or 4.0.1, paired with a request that includes confidential headers such as Authorization or Cookie, exposes you to a vulnerability where, if the destination server were to redirect the request to a server on a third-party domain, or the same domain over unencrypted HTTP, the headers would be included in the follow-up request and be exposed to the third party, or potential http traffic sniffing. The redirection strategies made available in version 4.0.2 automatically redact confidential headers when a redirect is followed across to another origin. A workaround has been identified by using a custom redirection strategy via the `followRedirectsWith` function. The custom strategy can be based on the new strategies available in fluture-node@4.0.2."}, {"lang": "es", "value": "Fluture-Node es una utilidad HTTP y de streaming de estilo FP para Node basada en Fluture. Usando \"followRedirects\" o \"followRedirectsWith\" con cualquiera de las estrategias de redireccionamiento incorporadas en fluture-node versiones 4.0.0 o 4.0. 1, junto con una petici\u00f3n que incluya encabezados confidenciales como Authorization o Cookie, le expone a una vulnerabilidad en la que, si el servidor de destino redirigiera la petici\u00f3n a un servidor en un dominio de terceros, o al mismo dominio a trav\u00e9s de HTTP sin cifrar, los encabezados podr\u00edan ser incluidos en la petici\u00f3n de seguimiento y quedar\u00edan expuestas a terceros, o a un potencial husmeo del tr\u00e1fico http. Las estrategias de redireccionamiento disponibles en la versi\u00f3n 4.0.2 redactan autom\u00e1ticamente los encabezados confidenciales cuando es seguido un redireccionamiento a otro origen. Se ha identificado una medida de mitigaci\u00f3n mediante el uso de una estrategia de redireccionamiento personalizada por medio de la funci\u00f3n \"followRedirectsWith\". La estrategia personalizada puede basarse en las nuevas estrategias disponibles en fluture-node@4.0.2."}], "lastModified": "2023-07-03T20:33:34.237", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fluture-node_project:fluture-node:4.0.0:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "9E134C6B-520E-4721-92D9-C128A97DD5D7"}, {"criteria": "cpe:2.3:a:fluture-node_project:fluture-node:4.0.1:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "EDE49B85-4FA8-45EE-8C14-47E835A658D9"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}