FKIE_CVE-2022-2880

Vulnerability from fkie_nvd - Published: 2022-10-14 15:15 - Updated: 2024-11-21 07:01
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged.
References
security@golang.orghttps://go.dev/cl/432976Patch
security@golang.orghttps://go.dev/issue/54663Exploit, Issue Tracking, Third Party Advisory
security@golang.orghttps://groups.google.com/g/golang-announce/c/xtuG5faxtaUMailing List, Release Notes
security@golang.orghttps://pkg.go.dev/vuln/GO-2022-1038Vendor Advisory
security@golang.orghttps://security.gentoo.org/glsa/202311-09
af854a3a-2127-422b-91ae-364da2661108https://go.dev/cl/432976Patch
af854a3a-2127-422b-91ae-364da2661108https://go.dev/issue/54663Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://groups.google.com/g/golang-announce/c/xtuG5faxtaUMailing List, Release Notes
af854a3a-2127-422b-91ae-364da2661108https://pkg.go.dev/vuln/GO-2022-1038Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202311-09
Impacted products
Vendor Product Version
golang go *
golang go *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CB667C1-EC12-4400-B4F0-6D3B7DDAAD99",
              "versionEndExcluding": "1.18.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7614AA04-CA34-4ED8-B580-005EA84BD5B4",
              "versionEndExcluding": "1.19.2",
              "versionStartIncluding": "1.19.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged."
    },
    {
      "lang": "es",
      "value": "Las peticiones reenviadas por ReverseProxy incluyen los par\u00e1metros de consulta sin procesar de la petici\u00f3n entrante, incluyendo par\u00e1metros no analizables rechazados por net/http. Esto podr\u00eda permitir el contrabando de par\u00e1metros de consulta cuando un proxy Go reenv\u00eda un par\u00e1metro con un valor no analizable. Despu\u00e9s de la correcci\u00f3n, ReverseProxy sanea los par\u00e1metros de consulta en la consulta reenviada cuando el campo Form de la petici\u00f3n saliente es establecido despu\u00e9s de que la funci\u00f3n ReverseProxy. La funci\u00f3n Director regresa, indicando que el proxy ha analizado los par\u00e1metros de la consulta. Los proxies que no analizan los par\u00e1metros de consulta contin\u00faan reenviando los par\u00e1metros de consulta originales sin cambios"
    }
  ],
  "id": "CVE-2022-2880",
  "lastModified": "2024-11-21T07:01:51.610",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-10-14T15:15:18.090",
  "references": [
    {
      "source": "security@golang.org",
      "tags": [
        "Patch"
      ],
      "url": "https://go.dev/cl/432976"
    },
    {
      "source": "security@golang.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://go.dev/issue/54663"
    },
    {
      "source": "security@golang.org",
      "tags": [
        "Mailing List",
        "Release Notes"
      ],
      "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU"
    },
    {
      "source": "security@golang.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pkg.go.dev/vuln/GO-2022-1038"
    },
    {
      "source": "security@golang.org",
      "url": "https://security.gentoo.org/glsa/202311-09"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://go.dev/cl/432976"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://go.dev/issue/54663"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Release Notes"
      ],
      "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pkg.go.dev/vuln/GO-2022-1038"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202311-09"
    }
  ],
  "sourceIdentifier": "security@golang.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-444"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.