Source: Ubuntu.com (ubuntucve)
ID: UB:CVE-2022-31033
Date: Jun 09, 2022 - 12:00 a.m.

CVE-2022-31033

Tags: mechanize library, authorization header, leakage, vulnerability, upgrade, website automation

CVSS2

Score: 5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

Score: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

Score: 0.001
Percentile: 41.2%

The Mechanize library is used for automating interaction with websites.
Mechanize automatically stores and sends cookies, follows redirects, and
can follow links and submit forms. In versions prior to 2.8.5 the
Authorization header is leaked after a redirect to a different port on the
same site. Users are advised to upgrade to Mechanize v2.8.5 or later. There
are no known workarounds for this issue.
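
The port matters because an HTTP origin is the scheme, host and port together. The following added example (not Mechanize's code, and not part of the advisory) contrasts a host-only redirect check with a full-origin check when deciding whether to resend the Authorization header. The function names, the `example.test` URLs and the host-only check as an illustration of the failure mode are all assumptions.

```ruby
require 'uri'

# Header names treated as credentials (compared case-insensitively).
SENSITIVE_HEADERS = %w[authorization].freeze

# Origin = scheme + host + effective port (URI supplies the 80/443 defaults).
def origin_of(url)
  uri = URI.parse(url)
  [uri.scheme.to_s.downcase, uri.host.to_s.downcase, uri.port]
end

# Host-only comparison: a different port on the same host still "matches".
def same_host?(from, to)
  URI.parse(from).host.to_s.downcase == URI.parse(to).host.to_s.downcase
end

# Full-origin comparison: any change of scheme, host or port is a new origin.
def same_origin?(from, to)
  origin_of(from) == origin_of(to)
end

# Returns the headers to send on the redirected request.
# check: :host uses the weak comparison, anything else the origin comparison.
def headers_for_redirect(headers, from, to, check: :origin)
  keep = check == :host ? same_host?(from, to) : same_origin?(from, to)
  return headers.dup if keep

  headers.reject { |name, _| SENSITIVE_HEADERS.include?(name.to_s.downcase) }
end

# Constructed sample request and redirect targets.
REQUEST_HEADERS = {
  'Authorization' => 'Basic PLACEHOLDER',
  'Accept' => 'text/html'
}.freeze
FROM       = 'https://app.example.test/login'
CROSS_PORT = 'https://app.example.test:8443/callback'
SAME_PORT  = 'https://app.example.test:443/home'

if __FILE__ == $PROGRAM_NAME
  weak   = headers_for_redirect(REQUEST_HEADERS, FROM, CROSS_PORT, check: :host)
  strict = headers_for_redirect(REQUEST_HEADERS, FROM, CROSS_PORT)
  puts "host-only check forwards:   #{weak.keys.inspect}"
  puts "origin check forwards:      #{strict.keys.inspect}"
end
```

An explicit `:443` on an `https` URL is the same origin as the default port, so the credential is still sent there; only a real port change drops it.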

OS      Version  Architecture  Package         Version  Filename
ubuntu  24.04    noarch        ruby-mechanize  < any    UNKNOWN
