CVE-2022-0155
Exposure of Private Personal Information to an Unauthorized Actor in follow-redirects/follow-redirects
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
follow-redirects es vulnerable a una Exposición de Información Personal Privada a un Actor no Autorizado
A flaw was found in follow-redirects when fetching a remote URL with a cookie when it gets to the Location response header. This flaw allows an attacker to hijack the account as the cookie is leaked.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-01-07 CVE Reserved
- 2022-01-10 CVE Published
- 2024-07-18 First Exploit
- 2024-08-02 CVE Updated
- 2024-08-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-359: Exposure of Private Personal Information to an Unauthorized Actor
CAPEC
References (6)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/coana-tech/CVE-2022-0155-PoC | 2024-07-18 | |
| https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406 | 2024-08-02 |
| URL | Date | SRC |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf | 2022-10-28 | |
| https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22 | 2022-10-28 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2022-0155 | 2022-11-16 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2044556 | 2022-11-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Follow-redirects Project Search vendor "Follow-redirects Project" | Follow-redirects Search vendor "Follow-redirects Project" for product "Follow-redirects" | < 1.14.7 Search vendor "Follow-redirects Project" for product "Follow-redirects" and version " < 1.14.7" | node.js |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Sinec Ins Search vendor "Siemens" for product "Sinec Ins" | < 1.0 Search vendor "Siemens" for product "Sinec Ins" and version " < 1.0" | - |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Sinec Ins Search vendor "Siemens" for product "Sinec Ins" | 1.0 Search vendor "Siemens" for product "Sinec Ins" and version "1.0" | - |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Sinec Ins Search vendor "Siemens" for product "Sinec Ins" | 1.0 Search vendor "Siemens" for product "Sinec Ins" and version "1.0" | sp1 |
Affected
| ||||||