CVE-2022-31090

Guzzle, an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` option to specify an `Authorization` header. On making a request which responds with a redirect to a URI with a different origin (change in host, scheme or port), if we choose to follow it, we should remove the `CURLOPT_HTTPAUTH` option before continuing, stopping curl from appending the `Authorization` header to the new request. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. If you do not require or expect redirects to be followed, one should simply disable redirects all together. Alternatively, one can specify to use the Guzzle steam handler backend, rather than curl.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.7 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
GitHub_MCNA
7.7 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
VendorProductVersion
guzzlephpguzzle
𝑥
< 6.5.8
guzzlephpguzzle
7.0.0 ≤
𝑥
< 7.4.5
debiandebian_linux
11.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
guzzle
sid
7.4.5-1
fixed
trixie
7.4.5-1
fixed
bookworm
7.4.5-1
fixed
buster
not-affected
mediawiki
bullseye
1:1.35.13-1+deb11u2
fixed
buster
not-affected
bullseye (security)
1:1.35.13-1+deb11u3
fixed
bookworm
1:1.39.7-1~deb12u1
fixed
bookworm (security)
1:1.39.10-1~deb12u1
fixed
sid
1:1.39.10-1
fixed
trixie
1:1.39.10-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
civicrm
noble
dne
mantic
dne
lunar
dne
kinetic
ignored
jammy
needs-triage
impish
ignored
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
trusty
dne
guzzle
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
ignored
jammy
dne
impish
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
icinga-php-thirdparty
noble
needs-triage
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
needs-triage
impish
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
icingaweb2-module-reactbundle
noble
needs-triage
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
needs-triage
impish
ignored
focal
dne
bionic
dne
xenial
dne
trusty
dne
mediawiki
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
needs-triage
impish
ignored
focal
needs-triage
bionic
needs-triage
xenial
dne
trusty
ignored
Common Weakness Enumeration
References
https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82
https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r
https://security.gentoo.org/glsa/202305-24
https://www.debian.org/security/2022/dsa-5246
https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82
https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r
https://security.gentoo.org/glsa/202305-24
https://www.debian.org/security/2022/dsa-5246