#VU64188 Improperly implemented security check for standard in guzzle - CVE-2022-31042


Published: June 10, 2022


Vulnerability identifier: #VU64188
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-31042
CWE-ID: CWE-358
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
guzzle
Software vendor:
Guzzle

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the redirect handling does not strip the `Cookie` header before following a redirect that crosses a trust boundary. If the target server responds with a redirect to a URI using the `http` scheme (an HTTPS to HTTP downgrade), or with a redirect to a URI on a different host, the application forwards the original request's `Cookie` header to the new location. As a result, a remote attacker who controls the redirect target, or who can observe the resulting plaintext HTTP request, can obtain the authentication cookie and compromise the affected application.
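The following is an added example written for this page; it is not code from the Guzzle project or from the original advisory. It replays exactly the scenario described above (a cookie-bearing HTTPS request answered with a redirect to `http://` on another host) through Guzzle's `MockHandler` and records, per hop, which `Cookie` header the client actually sent. The hostnames, the cookie value and the redirect target are constructed for the illustration; the script assumes `guzzlehttp/guzzle` is installed via Composer. It also shows the redirect option a deployment can set regardless of library version to refuse the HTTPS to HTTP downgrade outright.

```php
<?php
// Added example (not Guzzle's own code): check whether this Guzzle install
// forwards a request's Cookie header across an HTTPS -> HTTP, cross-host redirect.
// Hostnames and the cookie value below are made up for the demonstration.
require __DIR__ . '/vendor/autoload.php';

use GuzzleHttp\Client;
use GuzzleHttp\Exception\BadResponseException;
use GuzzleHttp\Handler\MockHandler;
use GuzzleHttp\HandlerStack;
use GuzzleHttp\Middleware;
use GuzzleHttp\Psr7\Response;

/**
 * Send a request carrying a Cookie header, let the client follow a constructed
 * redirect, and return for every hop the URI requested and the Cookie header sent.
 *
 * @param array $redirectOptions value passed as Guzzle's 'allow_redirects' option
 * @return array<int, array{uri: string, cookie: string}>
 */
function replayRedirect(array $redirectOptions): array
{
    // Constructed responses: the first server answers with a downgrade plus host change,
    // the second (attacker-controlled in the scenario) simply answers 200.
    $mock = new MockHandler([
        new Response(302, ['Location' => 'http://evil.example/landing']),
        new Response(200, [], 'landed'),
    ]);

    // The history middleware is pushed last, so it sits directly above the mock handler
    // and records every request the redirect middleware actually emits.
    $history = [];
    $stack = HandlerStack::create($mock);
    $stack->push(Middleware::history($history));

    $client = new Client(['handler' => $stack, 'http_errors' => false]);
    $client->request('GET', 'https://app.example/account', [
        'headers'         => ['Cookie' => 'session=constructed-secret-value'],
        'allow_redirects' => $redirectOptions,
    ]);

    $hops = [];
    foreach ($history as $transaction) {
        $request = $transaction['request'];
        $hops[] = [
            'uri'    => (string) $request->getUri(),
            'cookie' => $request->getHeaderLine('Cookie'),
        ];
    }
    return $hops;
}

// 1. Default redirect policy. On an affected Guzzle the second hop still carries the
//    cookie; on a fixed release the header is absent because host and scheme changed.
$hops = replayRedirect(['max' => 5]);
foreach ($hops as $i => $hop) {
    printf("hop %d %-35s Cookie: %s\n", $i, $hop['uri'],
        $hop['cookie'] === '' ? '(stripped)' : $hop['cookie']);
}
if (isset($hops[1]) && $hops[1]['cookie'] !== '') {
    echo "LEAK: Cookie header forwarded to a different host over plaintext HTTP\n";
} else {
    echo "OK: Cookie header not forwarded on the downgraded, cross-host hop\n";
}

// 2. Mitigation that does not depend on the library version: restrict redirect targets
//    to https, so the redirect middleware refuses the http:// Location instead of following it.
try {
    replayRedirect(['max' => 5, 'protocols' => ['https']]);
    echo "unexpected: downgrade redirect was followed\n";
} catch (BadResponseException $e) {
    echo "downgrade refused: " . $e->getMessage() . "\n";
}
```

Run it with `php check_redirect_cookie.php` (any file name) from a project where Guzzle is installed. The `Cookie` header exercised here is the one set directly on the request via `headers`; cookies managed through the `cookies` option and a `CookieJar` are matched against the target domain by the cookie middleware, which is a separate path from the one this advisory describes. Setting `'protocols' => ['https']` only blocks the scheme downgrade; it does not by itself prevent forwarding to a different HTTPS host, so on an unpatched release the library update remains the actual fix.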


Remediation

Install updates from the vendor's website. The issue is fixed in Guzzle 6.5.7 and 7.4.5, which strip the `Cookie` header when a redirect changes the host or downgrades from HTTPS to HTTP.

External links