VDB

RHSA-2022%3A5840

RHSA-2022%3A5840 PUBLISHED CVSS 7.099999904632568 HIGH

A flaw was found in the cross-fetch library when fetching a remote URL with a cookie when it gets to the Location response header. This flaw allows an attacker to hijack the account as the cookie is leaked.

Risk Scores

CVSS 3.1
7.099999904632568
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Affected Products

VendorProductVersions
Red Hatrhmtc/openshift-migration-legacy-rhel8-operator@sha256:ebfe5e46136403487d93b86ea8e3b45dd41a23bc2832f3ada395f68325b4144d_amd64 as a component of 8Base-RHMTC-1.7rhmtc/openshift-migration-legacy-rhel8-operator@sha256:ebfe5e46136403487d93b86ea8e3b45dd41a23bc2832f3ada395f68325b4144d_amd64
Red Hatrhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8a0c0152a14de141be1dd68e1470dd3d48e6acab594c80464429825f76eafffb_amd64 as a component of 8Base-RHMTC-1.7rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8a0c0152a14de141be1dd68e1470dd3d48e6acab594c80464429825f76eafffb_amd64
Red Hatrhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:0219496435c302abb17fb7edb31f272dea5a7fb60682299cd06e561bc5ff92df_amd64 as a component of 8Base-RHMTC-1.7rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:0219496435c302abb17fb7edb31f272dea5a7fb60682299cd06e561bc5ff92df_amd64
Red Hatrhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:d2157b916648e7dbbf02ae053c1ff5c87828a6ea23f496932ef49999a6ea906a_amd64 as a component of 8Base-RHMTC-1.7rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:d2157b916648e7dbbf02ae053c1ff5c87828a6ea23f496932ef49999a6ea906a_amd64
Red Hatrhmtc/openshift-migration-operator-bundle@sha256:30464ddc47f4f0120b09d2743c67bfa334e0492e425bdc56ebe8995dc445c641_amd64 as a component of 8Base-RHMTC-1.7rhmtc/openshift-migration-operator-bundle@sha256:30464ddc47f4f0120b09d2743c67bfa334e0492e425bdc56ebe8995dc445c641_amd64
Red Hatrhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:0219496435c302abb17fb7edb31f272dea5a7fb60682299cd06e561bc5ff92df_amd64 as a component of 8Base-RHMTC-1.7rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:0219496435c302abb17fb7edb31f272dea5a7fb60682299cd06e561bc5ff92df_amd64
Red Hatrhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:d2157b916648e7dbbf02ae053c1ff5c87828a6ea23f496932ef49999a6ea906a_amd64 as a component of 8Base-RHMTC-1.7*
Red Hatrhmtc/openshift-migration-log-reader-rhel8@sha256:c4c002370992e78296dc8df029b58a14de21df148f1b786879e40c7b26f55d2a_amd64 as a component of 8Base-RHMTC-1.7rhmtc/openshift-migration-log-reader-rhel8@sha256:c4c002370992e78296dc8df029b58a14de21df148f1b786879e40c7b26f55d2a_amd64
Red Hatrhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8a0c0152a14de141be1dd68e1470dd3d48e6acab594c80464429825f76eafffb_amd64 as a component of 8Base-RHMTC-1.7rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8a0c0152a14de141be1dd68e1470dd3d48e6acab594c80464429825f76eafffb_amd64
Red Hatrhmtc/openshift-migration-rsync-transfer-rhel8@sha256:6c329908061f6d9d64f42df3d56698768d6cdd4317488fde384d02246da94cce_amd64 as a component of 8Base-RHMTC-1.7rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:6c329908061f6d9d64f42df3d56698768d6cdd4317488fde384d02246da94cce_amd64
Red Hatrhmtc/openshift-migration-velero-rhel8@sha256:add80d664c2b13f724e19e918bcfd3ce271624960d61745ae835fef65aa56661_amd64 as a component of 8Base-RHMTC-1.7rhmtc/openshift-migration-velero-rhel8@sha256:add80d664c2b13f724e19e918bcfd3ce271624960d61745ae835fef65aa56661_amd64
Red Hatrhmtc/openshift-migration-controller-rhel8@sha256:03e0f38c3322c9e0f96d437ab0b7f179ad7fe6b98b3bb48c8b05ccd0e5965a5e_amd64 as a component of 8Base-RHMTC-1.7rhmtc/openshift-migration-controller-rhel8@sha256:03e0f38c3322c9e0f96d437ab0b7f179ad7fe6b98b3bb48c8b05ccd0e5965a5e_amd64
Red Hatrhmtc/openshift-migration-must-gather-rhel8@sha256:dcc13d7a3b2568686efd69c3c6c8f97f35fae4e496215ff3e8f941cb857ba6c2_amd64 as a component of 8Base-RHMTC-1.7rhmtc/openshift-migration-must-gather-rhel8@sha256:dcc13d7a3b2568686efd69c3c6c8f97f35fae4e496215ff3e8f941cb857ba6c2_amd64
Red Hatrhmtc/openshift-migration-legacy-rhel8-operator@sha256:ebfe5e46136403487d93b86ea8e3b45dd41a23bc2832f3ada395f68325b4144d_amd64 as a component of 8Base-RHMTC-1.7*
Red Hatrhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a6f0fc1c0439e0275df3fdf48286e43a1ae64926fe2ef3e5e20e6db0b28fc131_amd64 as a component of 8Base-RHMTC-1.7rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:a6f0fc1c0439e0275df3fdf48286e43a1ae64926fe2ef3e5e20e6db0b28fc131_amd64
Red Hatrhmtc/openshift-migration-must-gather-rhel8@sha256:dcc13d7a3b2568686efd69c3c6c8f97f35fae4e496215ff3e8f941cb857ba6c2_amd64 as a component of 8Base-RHMTC-1.7rhmtc/openshift-migration-must-gather-rhel8@sha256:dcc13d7a3b2568686efd69c3c6c8f97f35fae4e496215ff3e8f941cb857ba6c2_amd64
Red Hatrhmtc/openshift-migration-openvpn-rhel8@sha256:ab6adb9b97054f77cd4c6a7a2779b9a460e4522811a8085f369cca874e952773_amd64 as a component of 8Base-RHMTC-1.7rhmtc/openshift-migration-openvpn-rhel8@sha256:ab6adb9b97054f77cd4c6a7a2779b9a460e4522811a8085f369cca874e952773_amd64
Red Hatrhmtc/openshift-migration-openvpn-rhel8@sha256:ab6adb9b97054f77cd4c6a7a2779b9a460e4522811a8085f369cca874e952773_amd64 as a component of 8Base-RHMTC-1.7rhmtc/openshift-migration-openvpn-rhel8@sha256:ab6adb9b97054f77cd4c6a7a2779b9a460e4522811a8085f369cca874e952773_amd64
Red Hatrhmtc/openshift-velero-plugin-rhel8@sha256:9dacf917da6b6230f6b32b7104b08fddf3ee53bf71cf4bc595dd56e0085d84cf_amd64 as a component of 8Base-RHMTC-1.7*
Red Hatrhmtc/openshift-migration-velero-rhel8@sha256:add80d664c2b13f724e19e918bcfd3ce271624960d61745ae835fef65aa56661_amd64 as a component of 8Base-RHMTC-1.7rhmtc/openshift-migration-velero-rhel8@sha256:add80d664c2b13f724e19e918bcfd3ce271624960d61745ae835fef65aa56661_amd64

…and 12 more

Timeline

  • Aug 2, 2022 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 30, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›