CVE-2022-31042 Failure to strip the Cookie header on change in host or HTTP downgrade in Guzzle

🗓️ 09 Jun 2022 00:00:00Reported by GitHub_MType

Guzzle CVE-2022-31042 Cookie Header Stripping Failur

Reporter	Title	Published	Views	Family All 55
BDU FSTEC	The vulnerability of the Guzzle client HTTP library, a PHP programming language interpreter, related to authentication errors, allows attackers to disclose sensitive information that is protected.	29 Jun 202200:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Guzzle client HTTP library, a PHP programming language interpreter, stems from improperly implemented security checks for standard elements, allowing attackers to disclose sensitive information.	29 Jun 202200:00	–	bdu_fstec
Circl	CVE-2022-31042	10 Jun 202207:34	–	circl
CNNVD	Guzzle 信息泄露漏洞	9 Jun 202200:00	–	cnnvd
CVE	CVE-2022-31042	9 Jun 202200:00	–	cve
Debian	[SECURITY] [DSA 5246-1] mediawiki security update	4 Oct 202218:53	–	debian
Debian CVE	CVE-2022-31042	9 Jun 202200:00	–	debiancve
Tenable Nessus	Debian DSA-5246-1 : mediawiki - security update	5 Oct 202200:00	–	nessus
Tenable Nessus	Drupal 9.2.x < 9.2.21 / 9.3.x < 9.3.16 Drupal Multiple Vulnerabilities (SA-CORE-2022-011)	10 Jun 202200:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2022-31042	12 Aug 202500:00	–	nessus

[
  {
    "vendor": "guzzle",
    "product": "guzzle",
    "versions": [
      {
        "version": "< 6.5.7",
        "status": "affected"
      },
      {
        "version": ">=7.0.0, < 7.4.4",
        "status": "affected"
      }
    ]
  }
]

Source	Link
rfc-editor	www.rfc-editor.org/rfc/rfc9110.html
github	www.github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9
github	www.github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8
debian	www.debian.org/security/2022/dsa-5246
drupal	www.drupal.org/sa-core-2022-011

06 Oct 2022 00:00Current

7.8High risk

Vulners AI Score7.8

CVSS 3.17.5

EPSS0.01808

CWE-200