Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2022-31043
HistoryJun 10, 2022 - 12:15 a.m.

CVE-2022-31043

2022-06-1000:15:00
Debian Security Bug Tracker
security-tracker.debian.org
27

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

60.4%

JSON

Guzzle is an open source PHP HTTP client. In affected versions Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This is much the same as to how we don’t forward on the header if the host changes. Prior to this fix, https to http downgrades did not result in the Authorization header being removed, only changes to the host. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach which would be to use their own redirect middleware. Alternately users may simply disable redirects all together if redirects are not expected or required.

Related

veracode 1
cve 1
prion 1
osv 4
github 1
ubuntucve 1
friendsofphp 1
nessus 2
drupal 1
openvas 4
mageia 1
debian 1
veracode
veracode
Information Disclosure
2022-06-13 05:07:04
cve
cve
CVE-2022-31043
2022-06-10 00:15:00
prion
prion
Design/Logic Flaw
2022-06-10 00:15:00
osv
osv
Fix failure to strip Authorization header on HTTP downgrade
2022-06-09 23:47:23
CVE-2022-31043
2022-06-10 00:15:07
BIT-drupal-2022-31043
2024-03-06 10:52:03
github
github
Fix failure to strip Authorization header on HTTP downgrade
2022-06-09 23:47:23
ubuntucve
ubuntucve
CVE-2022-31043
2022-06-10 00:00:00
friendsofphp
friendsofphp
Fix failure to strip Authorization header on HTTP downgrade
2022-06-09 23:36:00
nessus
nessus
Drupal 9.2.x < 9.2.21 / 9.3.x < 9.3.16 Drupal Multiple Vulnerabilities (SA-CORE-2022-011)
2022-06-10 00:00:00
Debian DSA-5246-1 : mediawiki - security update
2022-10-05 00:00:00
drupal
drupal
Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-011
2022-06-10 00:00:00
openvas
openvas
Drupal Third-party Library Information Disclosure Vulnerabilities (SA-CORE-2022-011) - Linux
2022-06-16 00:00:00
Drupal Third-party Library Information Disclosure Vulnerabilities (SA-CORE-2022-011) - Windows
2022-06-16 00:00:00
Mageia: Security Advisory (MGASA-2022-0338)
2022-09-19 00:00:00
mageia
mageia
Updated mediawiki packages fix security vulnerability
2022-09-16 22:39:55
debian
debian
[SECURITY] [DSA 5246-1] mediawiki security update
2022-10-04 18:53:59

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

60.4%

JSON
Related for DEBIANCVE:CVE-2022-31043
veracode1cve1prion1osv4github1ubuntucve1friendsofphp1nessus2drupal1openvas4mageia1debian1