CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
77.0%
Cookie and Authorization headers are leaked when following cross-origin redirects in twited.web.client.RedirectAgent
and twisted.web.client.BrowserLikeRedirectAgent
.
github.com/advisories/GHSA-92x2-jw7w-xvvx
github.com/twisted/twisted/commit/af8fe78542a6f2bf2235ccee8158d9c88d31e8e2
github.com/twisted/twisted/releases/tag/twisted-22.1.0
github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx
lists.debian.org/debian-lts-announce/2022/02/msg00021.html
lists.fedoraproject.org/archives/list/[email protected]/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/
lists.fedoraproject.org/archives/list/[email protected]/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/
nvd.nist.gov/vuln/detail/CVE-2022-21712
security.gentoo.org/glsa/202301-02
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
77.0%