fkie_cve-2022-24719
Vulnerability from fkie_nvd
Published
2022-03-01 21:15
Modified
2024-11-21 06:50
Severity ?
2.6 (Low) - CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Fluture-Node is a FP-style HTTP and streaming utils for Node based on Fluture. Using `followRedirects` or `followRedirectsWith` with any of the redirection strategies built into fluture-node 4.0.0 or 4.0.1, paired with a request that includes confidential headers such as Authorization or Cookie, exposes you to a vulnerability where, if the destination server were to redirect the request to a server on a third-party domain, or the same domain over unencrypted HTTP, the headers would be included in the follow-up request and be exposed to the third party, or potential http traffic sniffing. The redirection strategies made available in version 4.0.2 automatically redact confidential headers when a redirect is followed across to another origin. A workaround has been identified by using a custom redirection strategy via the `followRedirectsWith` function. The custom strategy can be based on the new strategies available in fluture-node@4.0.2.
References
security-advisories@github.comhttps://github.com/fluture-js/fluture-node/commit/0c99bc511533d48be17dc6bfe641f7d0aeb34d77Patch
security-advisories@github.comhttps://github.com/fluture-js/fluture-node/commit/125e4474f910c1507f8ec3232848626fbc0f55c4Patch
security-advisories@github.comhttps://github.com/fluture-js/fluture-node/security/advisories/GHSA-32x6-qvw6-mxj4Patch, Vendor Advisory
security-advisories@github.comhttps://github.com/psf/requests/pull/4718Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/fluture-js/fluture-node/commit/0c99bc511533d48be17dc6bfe641f7d0aeb34d77Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/fluture-js/fluture-node/commit/125e4474f910c1507f8ec3232848626fbc0f55c4Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/fluture-js/fluture-node/security/advisories/GHSA-32x6-qvw6-mxj4Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/psf/requests/pull/4718Patch, Third Party Advisory
Impacted products
Vendor Product Version
fluture-node_project fluture-node 4.0.0
fluture-node_project fluture-node 4.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fluture-node_project:fluture-node:4.0.0:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "9E134C6B-520E-4721-92D9-C128A97DD5D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fluture-node_project:fluture-node:4.0.1:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "EDE49B85-4FA8-45EE-8C14-47E835A658D9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Fluture-Node is a FP-style HTTP and streaming utils for Node based on Fluture. Using `followRedirects` or `followRedirectsWith` with any of the redirection strategies built into fluture-node 4.0.0 or 4.0.1, paired with a request that includes confidential headers such as Authorization or Cookie, exposes you to a vulnerability where, if the destination server were to redirect the request to a server on a third-party domain, or the same domain over unencrypted HTTP, the headers would be included in the follow-up request and be exposed to the third party, or potential http traffic sniffing. The redirection strategies made available in version 4.0.2 automatically redact confidential headers when a redirect is followed across to another origin. A workaround has been identified by using a custom redirection strategy via the `followRedirectsWith` function. The custom strategy can be based on the new strategies available in fluture-node@4.0.2."
    },
    {
      "lang": "es",
      "value": "Fluture-Node es una utilidad HTTP y de streaming de estilo FP para Node basada en Fluture. Usando \"followRedirects\" o \"followRedirectsWith\" con cualquiera de las estrategias de redireccionamiento incorporadas en fluture-node versiones 4.0.0 o 4.0. 1, junto con una petici\u00f3n que incluya encabezados confidenciales como Authorization o Cookie, le expone a una vulnerabilidad en la que, si el servidor de destino redirigiera la petici\u00f3n a un servidor en un dominio de terceros, o al mismo dominio a trav\u00e9s de HTTP sin cifrar, los encabezados podr\u00edan ser incluidos en la petici\u00f3n de seguimiento y quedar\u00edan expuestas a terceros, o a un potencial husmeo del tr\u00e1fico http. Las estrategias de redireccionamiento disponibles en la versi\u00f3n 4.0.2 redactan autom\u00e1ticamente los encabezados confidenciales cuando es seguido un redireccionamiento a otro origen. Se ha identificado una medida de mitigaci\u00f3n mediante el uso de una estrategia de redireccionamiento personalizada por medio de la funci\u00f3n \"followRedirectsWith\". La estrategia personalizada puede basarse en las nuevas estrategias disponibles en fluture-node@4.0.2."
    }
  ],
  "id": "CVE-2022-24719",
  "lastModified": "2024-11-21T06:50:56.753",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 1.4,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-03-01T21:15:07.923",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/fluture-js/fluture-node/commit/0c99bc511533d48be17dc6bfe641f7d0aeb34d77"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/fluture-js/fluture-node/commit/125e4474f910c1507f8ec3232848626fbc0f55c4"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://github.com/fluture-js/fluture-node/security/advisories/GHSA-32x6-qvw6-mxj4"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/psf/requests/pull/4718"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/fluture-js/fluture-node/commit/0c99bc511533d48be17dc6bfe641f7d0aeb34d77"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/fluture-js/fluture-node/commit/125e4474f910c1507f8ec3232848626fbc0f55c4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://github.com/fluture-js/fluture-node/security/advisories/GHSA-32x6-qvw6-mxj4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/psf/requests/pull/4718"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-359"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-212"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.