Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cnvdChina National Vulnerability DatabaseCNVD-2023-74435
HistoryMay 27, 2022 - 12:00 a.m.

Guzzle Information Disclosure Vulnerability

2022-05-2700:00:00
China National Vulnerability Database
www.cnvd.org.cn
4

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

6.2 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

61.4%

JSON

Guzzle is a PHP HTTP client for guzzle individual developers that makes it easy to send HTTP requests and easily integrate with web services. An information disclosure vulnerability exists in Guzzle versions prior to 7.4.3, and prior to 6.5.6, which stems from a vulnerability that allows a malicious server to set cookies for unrelated domains, which can be exploited by an attacker to log in to their account from the Guzzle client and retrieve private API requests from their account’s security logs.

CPENameOperatorVersion
guzzle guzzlelt6.5.6
guzzle guzzlelt7.4.3

Related

veracode 1
github 1
debiancve 1
openvas 4
prion 1
cve 1
drupal 1
osv 4
ubuntucve 1
nessus 3
freebsd 1
mageia 1
debian 1
veracode
veracode
Cross-domain Cookie Leakage
2022-05-26 04:37:11
github
github
Cross-domain cookie leakage in Guzzle
2022-05-25 18:09:55
debiancve
debiancve
CVE-2022-29248
2022-05-25 18:15:00
openvas
openvas
Drupal Third-party Library Information Disclosure Vulnerability (SA-CORE-2022-010) - Linux
2022-05-31 00:00:00
Drupal Third-party Library Information Disclosure Vulnerability (SA-CORE-2022-010) - Windows
2022-05-31 00:00:00
Mageia: Security Advisory (MGASA-2022-0338)
2022-09-19 00:00:00
prion
prion
Design/Logic Flaw
2022-05-25 18:15:00
cve
cve
CVE-2022-29248
2022-05-25 18:15:00
drupal
drupal
Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-010
2022-05-25 00:00:00
osv
osv
Cross-domain cookie leakage in Guzzle
2022-05-25 18:09:55
BIT-drupal-2022-29248
2024-03-06 10:52:24
CVE-2022-29248
2022-05-25 18:15:08
ubuntucve
ubuntucve
CVE-2022-29248
2022-05-25 00:00:00
nessus
nessus
Drupal 9.2.x < 9.2.20 / 9.3.x < 9.3.14 Drupal Vulnerability (SA-CORE-2022-010)
2022-05-25 00:00:00
FreeBSD : mediawiki -- multiple vulnerabilities (5ab54ea0-fa94-11ec-996c-080027b24e86)
2022-07-03 00:00:00
Debian DSA-5246-1 : mediawiki - security update
2022-10-05 00:00:00
freebsd
freebsd
mediawiki -- multiple vulnerabilities
2022-05-16 00:00:00
mageia
mageia
Updated mediawiki packages fix security vulnerability
2022-09-16 22:39:55
debian
debian
[SECURITY] [DSA 5246-1] mediawiki security update
2022-10-04 18:53:33

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

6.2 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

61.4%

JSON
Related for CNVD-2023-74435
veracode1github1debiancve1openvas4prion1cve1drupal1osv4ubuntucve1nessus3freebsd1mageia1debian1