VDB
RHSA-2022%3A5840
RHSA-2022%3A5840
PUBLISHED
CVSS 7.099999904632568 HIGH
A flaw was found in the cross-fetch library when fetching a remote URL with a cookie when it gets to the Location response header. This flaw allows an attacker to hijack the account as the cookie is leaked.
Risk Scores
CVSS 3.1
7.099999904632568
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ebfe5e46136403487d93b86ea8e3b45dd41a23bc2832f3ada395f68325b4144d_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ebfe5e46136403487d93b86ea8e3b45dd41a23bc2832f3ada395f68325b4144d_amd64 |
| Red Hat | rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8a0c0152a14de141be1dd68e1470dd3d48e6acab594c80464429825f76eafffb_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8a0c0152a14de141be1dd68e1470dd3d48e6acab594c80464429825f76eafffb_amd64 |
| Red Hat | rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:0219496435c302abb17fb7edb31f272dea5a7fb60682299cd06e561bc5ff92df_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:0219496435c302abb17fb7edb31f272dea5a7fb60682299cd06e561bc5ff92df_amd64 |
| Red Hat | rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:d2157b916648e7dbbf02ae053c1ff5c87828a6ea23f496932ef49999a6ea906a_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:d2157b916648e7dbbf02ae053c1ff5c87828a6ea23f496932ef49999a6ea906a_amd64 |
| Red Hat | rhmtc/openshift-migration-operator-bundle@sha256:30464ddc47f4f0120b09d2743c67bfa334e0492e425bdc56ebe8995dc445c641_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-operator-bundle@sha256:30464ddc47f4f0120b09d2743c67bfa334e0492e425bdc56ebe8995dc445c641_amd64 |
| Red Hat | rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:0219496435c302abb17fb7edb31f272dea5a7fb60682299cd06e561bc5ff92df_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:0219496435c302abb17fb7edb31f272dea5a7fb60682299cd06e561bc5ff92df_amd64 |
| Red Hat | rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:d2157b916648e7dbbf02ae053c1ff5c87828a6ea23f496932ef49999a6ea906a_amd64 as a component of 8Base-RHMTC-1.7 | * |
| Red Hat | rhmtc/openshift-migration-log-reader-rhel8@sha256:c4c002370992e78296dc8df029b58a14de21df148f1b786879e40c7b26f55d2a_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-log-reader-rhel8@sha256:c4c002370992e78296dc8df029b58a14de21df148f1b786879e40c7b26f55d2a_amd64 |
| Red Hat | rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8a0c0152a14de141be1dd68e1470dd3d48e6acab594c80464429825f76eafffb_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8a0c0152a14de141be1dd68e1470dd3d48e6acab594c80464429825f76eafffb_amd64 |
| Red Hat | rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:6c329908061f6d9d64f42df3d56698768d6cdd4317488fde384d02246da94cce_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:6c329908061f6d9d64f42df3d56698768d6cdd4317488fde384d02246da94cce_amd64 |
| Red Hat | rhmtc/openshift-migration-velero-rhel8@sha256:add80d664c2b13f724e19e918bcfd3ce271624960d61745ae835fef65aa56661_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-velero-rhel8@sha256:add80d664c2b13f724e19e918bcfd3ce271624960d61745ae835fef65aa56661_amd64 |
| Red Hat | rhmtc/openshift-migration-controller-rhel8@sha256:03e0f38c3322c9e0f96d437ab0b7f179ad7fe6b98b3bb48c8b05ccd0e5965a5e_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-controller-rhel8@sha256:03e0f38c3322c9e0f96d437ab0b7f179ad7fe6b98b3bb48c8b05ccd0e5965a5e_amd64 |
| Red Hat | rhmtc/openshift-migration-must-gather-rhel8@sha256:dcc13d7a3b2568686efd69c3c6c8f97f35fae4e496215ff3e8f941cb857ba6c2_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-must-gather-rhel8@sha256:dcc13d7a3b2568686efd69c3c6c8f97f35fae4e496215ff3e8f941cb857ba6c2_amd64 |
| Red Hat | rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ebfe5e46136403487d93b86ea8e3b45dd41a23bc2832f3ada395f68325b4144d_amd64 as a component of 8Base-RHMTC-1.7 | * |
| Red Hat | rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a6f0fc1c0439e0275df3fdf48286e43a1ae64926fe2ef3e5e20e6db0b28fc131_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a6f0fc1c0439e0275df3fdf48286e43a1ae64926fe2ef3e5e20e6db0b28fc131_amd64 |
| Red Hat | rhmtc/openshift-migration-must-gather-rhel8@sha256:dcc13d7a3b2568686efd69c3c6c8f97f35fae4e496215ff3e8f941cb857ba6c2_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-must-gather-rhel8@sha256:dcc13d7a3b2568686efd69c3c6c8f97f35fae4e496215ff3e8f941cb857ba6c2_amd64 |
| Red Hat | rhmtc/openshift-migration-openvpn-rhel8@sha256:ab6adb9b97054f77cd4c6a7a2779b9a460e4522811a8085f369cca874e952773_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-openvpn-rhel8@sha256:ab6adb9b97054f77cd4c6a7a2779b9a460e4522811a8085f369cca874e952773_amd64 |
| Red Hat | rhmtc/openshift-migration-openvpn-rhel8@sha256:ab6adb9b97054f77cd4c6a7a2779b9a460e4522811a8085f369cca874e952773_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-openvpn-rhel8@sha256:ab6adb9b97054f77cd4c6a7a2779b9a460e4522811a8085f369cca874e952773_amd64 |
| Red Hat | rhmtc/openshift-velero-plugin-rhel8@sha256:9dacf917da6b6230f6b32b7104b08fddf3ee53bf71cf4bc595dd56e0085d84cf_amd64 as a component of 8Base-RHMTC-1.7 | * |
| Red Hat | rhmtc/openshift-migration-velero-rhel8@sha256:add80d664c2b13f724e19e918bcfd3ce271624960d61745ae835fef65aa56661_amd64 as a component of 8Base-RHMTC-1.7 | rhmtc/openshift-migration-velero-rhel8@sha256:add80d664c2b13f724e19e918bcfd3ce271624960d61745ae835fef65aa56661_amd64 |
…and 12 more
Timeline
- Aug 2, 2022 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 30, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2022:5840 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2076133 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2077688 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2077689 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2082216 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2084085 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2091965 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2099856 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2102231 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2106073 issue
- https://issues.redhat.com/browse/MIG-1155 advisory
- https://issues.redhat.com/browse/MIG-1242 advisory
- https://issues.redhat.com/browse/MIG-1254 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_5840.json advisory
- https://access.redhat.com/security/cve/CVE-2022-1365 advisory
- https://www.cve.org/CVERecord?id=CVE-2022-1365 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-1365 advisory
- https://huntr.dev/bounties/ab55dfdd-2a60-437a-a832-e3efe3d264ac/ advisory
- https://access.redhat.com/security/cve/CVE-2022-24675 advisory
…and 10 more