7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
40.4%
Summary
Mechanize (rubygem) < v2.8.5
leaks the Authorization
header after a redirect to a different port on the same site.
Mitigation
Upgrade to Mechanize v2.8.5 or later.
Notes
See https://curl.se/docs/CVE-2022-27776.html for a similar vulnerability in curl.
Cookies are shared with a server at a different port on the same site, per https://datatracker.ietf.org/doc/html/rfc6265#section-8.5 which states in part:
> Cookies do not provide isolation by port. If a cookie is readable
> by a service running on one port, the cookie is also readable by a
> service running on another port of the same server. If a cookie is
> writable by a service on one port, the cookie is also writable by a
> service running on another port of the same server. For this
> reason, servers SHOULD NOT both run mutually distrusting services on
> different ports of the same host and use cookies to store security-
> sensitive information.
github.com/advisories/GHSA-64qm-hrgp-pgr9
github.com/rubysec/ruby-advisory-db/blob/master/gems/mechanize/CVE-2022-31033.yml
github.com/sparklemotion/mechanize/commit/c7fe6996a5b95f9880653ba3bc548a8d4ef72317
github.com/sparklemotion/mechanize/security/advisories/GHSA-64qm-hrgp-pgr9
nvd.nist.gov/vuln/detail/CVE-2022-31033
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
40.4%