Home

CVE-2022-21712

Description

twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the twited.web.RedirectAgent and twisted.web. BrowserLikeRedirectAgent functions. Users are advised to upgrade. There are no known workarounds.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.241

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2022-21712 are fixed in Duo Security Authentication Proxy (5.7.0)Windows
Vulnerabilities CVE-2022-21712,CVE-2020-14422,CVE-2021-29921 are fixed in Duo Security Authentication Proxy (5.7.0)Windows
Vulnerabilities CVE-2022-0778,CVE-2022-21712 are fixed in Duo Security Authentication Proxy (5.6.1)Windows
Vulnerabilities CVE-2022-0778,CVE-2022-21712,CVE-2020-14422,CVE-2021-29921 are fixed in Duo Security Authentication Proxy (5.6.1)Windows
Vulnerabilities CVE-2022-0778,CVE-2022-21712 are fixed in Duo Security Authentication Proxy (5.6.0)Windows
Vulnerabilities CVE-2022-0778,CVE-2022-21712,CVE-2020-14422,CVE-2021-29921 are fixed in Duo Security Authentication Proxy (5.6.0)Windows
Vulnerabilities CVE-2022-0778,CVE-2022-21712 are fixed in Duo Security Authentication Proxy (5.5.1)Windows
Vulnerabilities CVE-2022-0778,CVE-2022-21712,CVE-2020-14422,CVE-2021-29921 are fixed in Duo Security Authentication Proxy (5.5.1)Windows
Vulnerabilities CVE-2020-1971,CVE-2022-0778,CVE-2022-21712 are fixed in Duo Security Authentication Proxy (5.5.0)Windows
Vulnerabilities CVE-2022-21712 are fixed in Python-twisted 22.1.0Windows
Event-based framework for internet applications (USN-5354-1) python-twisted_17.9.0-2ubuntu0.3_all.debLinux
Event-based framework for internet applications (USN-5354-1) python3-twisted_17.9.0-2ubuntu0.3_all.debLinux
Event-based framework for internet applications (USN-5354-1) python3-twisted_20.3.0-7ubuntu1.1_all.debLinux
Event-based framework for internet applications (USN-5354-1) python3-twisted_18.9.0-11ubuntu0.20.04.2_all.debLinux
Event-based framework for internet applications (USN-5354-1) python-twisted-bin_17.9.0-2ubuntu0.3_i386.debLinux
Event-based framework for internet applications (USN-5354-1) python-twisted-bin_17.9.0-2ubuntu0.3_amd64.debLinux
Event-based framework for internet applications (USN-5354-1) python3-twisted-bin_17.9.0-2ubuntu0.3_i386.debLinux
Event-based framework for internet applications (USN-5354-1) python3-twisted-bin_17.9.0-2ubuntu0.3_amd64.debLinux
Event-based framework for internet applications (USN-5354-1) python3-twisted-bin_20.3.0-7ubuntu1.1_amd64.debLinux
Event-based framework for internet applications (USN-5354-1) python3-twisted-bin_18.9.0-11ubuntu0.20.04.2_amd64.debLinux
python-twisted Security Update (ALAS2023-2023-056) python3-twisted-22.4.0-124.amzn2023.0.2.noarch.rpmLinux
python-twisted Security Update (ALAS2023-2023-056) python3-twisted+tls-22.4.0-124.amzn2023.0.2.noarch.rpmLinux
Vulnerabilities CVE-2022-21712 are fixed in Python-twisted for linux 22.1.0Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-342393Duo Security Authentication Proxy (6.4.2)
PATCH-342393Duo Security Authentication Proxy (6.4.2)
PATCH-338054Duo Security Authentication Proxy (6.4.0)
PATCH-338227Duo Security Authentication Proxy (6.4.1)
PATCH-338227Duo Security Authentication Proxy (6.4.1)
PATCH-342393Duo Security Authentication Proxy (6.4.2)
PATCH-342393Duo Security Authentication Proxy (6.4.2)
PATCH-347413Duo Security Authentication Proxy (6.5.0)
PATCH-347413Duo Security Authentication Proxy (6.5.0)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234