NVD:CVE-2023-45857
Nov 08, 2023 - 9:15 p.m.

CVE-2023-45857

2023-11-08 21:15:08
CWE-352
web.nvd.nist.gov
vulnerability
axios
xsrf-token
cookies
information disclosure
http header

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS: 0.001
Percentile: 28.4%

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host, allowing attackers to view sensitive information.

Affected configurations

Nvd

Node: axios axios, Match 1.5.1, node.js

Vendor | Product | Version | CPE
axios | axios | 1.5.1 | cpe:2.3:a:axios:axios:1.5.1:*:*:*:*:node.js:*:*
