CVE-2022-0536
Improper Removal of Sensitive Information Before Storage or Transfer in follow-redirects/follow-redirects
Severity Score
5.9
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects prior to 1.14.8.
Una Exposición de Información Confidencial a un Actor no Autorizado en NPM follow-redirects versiones anteriores a 1.14.8
A flaw was found in the follow-redirects package. This flaw allows the exposure of sensitive information to an unauthorized actor due to the usage of insecure HTTP protocol. This issue happens with an Authorization header leak from the same hostname, https-http, and requires a Man-in-the-Middle (MITM) attack.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-02-08 CVE Reserved
- 2022-02-09 CVE Published
- 2024-08-02 CVE Updated
- 2024-10-25 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445 | 2023-08-02 |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2022-0536 | 2022-10-19 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2053259 | 2022-10-19 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Follow-redirects Project Search vendor "Follow-redirects Project" | Follow-redirects Search vendor "Follow-redirects Project" for product "Follow-redirects" | < 1.14.8 Search vendor "Follow-redirects Project" for product "Follow-redirects" and version " < 1.14.8" | node.js |
Affected
|