PublicDateAtUSN: 2022-02-07 22:15:00 UTC
Candidate: CVE-2022-21712
PublicDate: 2022-02-07 22:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21712
 https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx
 https://github.com/twisted/twisted/releases/tag/twisted-22.1.0
 https://ubuntu.com/security/notices/USN-5354-1
Description:
 twisted is an event-driven networking engine written in Python. In affected
 versions twisted exposes cookies and authorization headers when following
 cross-origin redirects. This issue is present in the
 `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent`
 functions. Users are advised to upgrade. There are no known workarounds.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: rayveldkamp
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]


Patches_twisted:
 upstream: https://github.com/twisted/twisted/commit/af8fe78542a6f2bf2235ccee8158d9c88d31e8e2
upstream_twisted: released (22.1.0)
trusty/esm_twisted: needed
esm-infra/xenial_twisted: needed
trusty_twisted: ignored (out of standard support)
xenial_twisted: ignored (out of standard support)
bionic_twisted: released (17.9.0-2ubuntu0.3)
focal_twisted: released (18.9.0-11ubuntu0.20.04.2)
impish_twisted: released (20.3.0-7ubuntu1.1)
jammy_twisted: released (22.1.0-2ubuntu2)
devel_twisted: released (22.1.0-2ubuntu2)