gsd-2022-31629
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-31629",
"description": "In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim\u0027s browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.",
"id": "GSD-2022-31629",
"references": [
"https://www.debian.org/security/2022/dsa-5277",
"https://advisories.mageia.org/CVE-2022-31629.html",
"https://www.suse.com/security/cve/CVE-2022-31629.html",
"https://ubuntu.com/security/CVE-2022-31629",
"https://access.redhat.com/errata/RHSA-2023:0848",
"https://access.redhat.com/errata/RHSA-2023:0965"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-31629"
],
"details": "In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim\u0027s browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.",
"id": "GSD-2022-31629",
"modified": "2023-12-13T01:19:18.127746Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2022-09-27T14:28:00.000Z",
"ID": "CVE-2022-31629",
"STATE": "PUBLIC",
"TITLE": "$_COOKIE names string replacement (. -\u003e _): cookie integrity vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.4.X",
"version_value": "7.4.31"
},
{
"version_affected": "\u003c",
"version_name": "8.0.X",
"version_value": "8.0.24"
},
{
"version_affected": "\u003c",
"version_name": "8.1.X",
"version_value": "8.1.11"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "reported by squarcina at gmail dot com"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim\u0027s browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.php.net/bug.php?id=81727",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=81727"
},
{
"name": "FEDORA-2022-0b77fbd9e7",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNIEABBH5XCXLFWWZYIDE457SPEDZTXV/"
},
{
"name": "FEDORA-2022-afdea1c747",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VI3E6A3ZTH2RP7OMLJHSVFIEQBIFM6RF/"
},
{
"name": "FEDORA-2022-f204e1d0ed",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2L5SUVYGAKSWODUQPZFBUB3AL6E6CSEV/"
},
{
"name": "DSA-5277",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5277"
},
{
"name": "GLSA-202211-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202211-03"
},
{
"name": "https://security.netapp.com/advisory/ntap-20221209-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20221209-0001/"
},
{
"name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3243-1] php7.3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html"
},
{
"name": "FEDORA-2024-b46619f761",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGWIK3HMBACERGB4TSBB2JUOMPYY2VKY/"
},
{
"name": "FEDORA-2024-39d50cc975",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSJVPJTX7T3J5V7XHR4MFNHZGP44R5XE/"
},
{
"name": "FEDORA-2024-5e8ae0def0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJZK3X6B7FBE32FETDSMRLJXTFTHKWSY/"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to PHP 7.4.31, 8.0.24, or 8.1.11."
}
],
"source": {
"advisory": "https://bugs.php.net/bug.php?id=81727",
"defect": [
"81727"
],
"discovery": "EXTERNAL"
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE52893E-2C1E-4E15-87AA-F61CD2F49783",
"versionEndExcluding": "7.4.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9E90EE8-1091-4D52-A070-E378CCE5A344",
"versionEndExcluding": "8.0.24",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A9D0A59-77E8-4003-90BF-6E062540B8AD",
"versionEndExcluding": "8.1.11",
"versionStartIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim\u0027s browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications."
},
{
"lang": "es",
"value": "En PHP versiones anteriores a 7.4.31, 8.0.24 y 8.1.11, la vulnerabilidad permite a atacantes de la red y del mismo sitio establecer una cookie no segura est\u00e1ndar en el navegador de la v\u00edctima que es tratada como una cookie \"__Host-\" o \"__Secure-\" por las aplicaciones PHP"
}
],
"id": "CVE-2022-31629",
"lastModified": "2024-04-19T23:15:08.937",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-28T23:15:10.540",
"references": [
{
"source": "security@php.net",
"tags": [
"Exploit",
"Permissions Required",
"Vendor Advisory"
],
"url": "https://bugs.php.net/bug.php?id=81727"
},
{
"source": "security@php.net",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html"
},
{
"source": "security@php.net",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2L5SUVYGAKSWODUQPZFBUB3AL6E6CSEV/"
},
{
"source": "security@php.net",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJZK3X6B7FBE32FETDSMRLJXTFTHKWSY/"
},
{
"source": "security@php.net",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSJVPJTX7T3J5V7XHR4MFNHZGP44R5XE/"
},
{
"source": "security@php.net",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VI3E6A3ZTH2RP7OMLJHSVFIEQBIFM6RF/"
},
{
"source": "security@php.net",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNIEABBH5XCXLFWWZYIDE457SPEDZTXV/"
},
{
"source": "security@php.net",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGWIK3HMBACERGB4TSBB2JUOMPYY2VKY/"
},
{
"source": "security@php.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202211-03"
},
{
"source": "security@php.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221209-0001/"
},
{
"source": "security@php.net",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5277"
}
],
"sourceIdentifier": "security@php.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security@php.net",
"type": "Secondary"
}
]
}
}
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.