PT-2022-20476 · Mechanize +2
Flavorjones · Published 2022-06-09 · Updated 2024-07-27 · CVE-2022-31033
CVSS v3.1: 5.9 (Medium)
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Mechanize versions prior to 2.8.5
Description
Mechanize, a library for automating interaction with websites, keeps sending the Authorization header when it follows a redirect from the original site to a different port on the same host, so credentials meant for one origin reach another. The issue affects versions prior to 2.8.5. The library automatically stores and sends cookies, follows redirects, and can follow links and submit forms, which is why a redirect reached through it carries the original request's headers.
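As an added illustration, not Mechanize's own code or its fix, this is the origin check a client should apply before forwarding an Authorization header across a redirect; the URLs and header values below are constructed, and `same_origin?` / `headers_for_redirect` are hypothetical helper names.

```ruby
require "uri"

# Two URLs share an origin only when scheme, host and port all match.
# URI fills in the default port (443 for https, 80 for http) when the
# URL omits it, so "https://example.com" and "https://example.com:443"
# compare equal, while ":8443" does not.
def same_origin?(from, to)
  a = URI.parse(from)
  b = URI.parse(to)
  a.scheme == b.scheme &&
    a.host.to_s.downcase == b.host.to_s.downcase &&
    a.port == b.port
end

# Build the header set for the redirected request. Every header is kept
# for a same-origin target; otherwise Authorization is dropped so that a
# redirect to another port (or host, or scheme) cannot collect it.
def headers_for_redirect(headers, from, to)
  return headers.dup if same_origin?(from, to)
  headers.reject { |name, _| name.to_s.downcase == "authorization" }
end

# Constructed scenario matching the advisory: same host, different port.
def demo
  original = "https://example.com/login"
  redirect = "https://example.com:8443/app"
  sent = { "Authorization" => "Bearer constructed-token", "Accept" => "*/*" }
  headers_for_redirect(sent, original, redirect)
end

puts demo.inspect if __FILE__ == $0 # Authorization is absent from the result
```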
Recommendations
Upgrade Mechanize to v2.8.5 or later. Until the patched version is deployed, limit the exposure of sensitive data reachable with the leaked Authorization header, for example by avoiding automated sessions that follow redirects while carrying credentials.
Exploit
Fix
Information Disclosure
Insufficiently Protected Credentials
Related Identifiers
Affected Products
Alt Linux
Debian
Mechanize