CVE-2023-45143
CVSS 3.1 Score 3.9 of 10 (low)
Details
Summary
CVE-2023-45143 affects Undici, an HTTP/1.1 client for Node.js, in versions prior to 5.26.2. The vulnerability can accidentally leak cookies to a third-party site, or to an attacker who controls the redirection target. This occurs because Undici does not clear `Cookie` headers on cross-origin redirects, even though they are forbidden request headers. For organizations, the danger is that sensitive cookie information could be exposed, posing a risk to user privacy and potentially enabling unauthorized access to accounts. The vulnerability was patched in version 5.26.2, and there are no known workarounds available.
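The header handling described in the summary, as an added example that is not Undici's code and not part of the original advisory: a simplified JavaScript model of one redirect hop, in which `followRedirect`, `DROP_ON_CROSS_ORIGIN` and the `.example` hosts are hypothetical names. Passing an empty drop set reproduces the leak; the default set shows the corrected behaviour.

```javascript
// Added illustration: a simplified model of header handling on one redirect hop.
// It is not Undici's code; every name below is hypothetical.

// Headers dropped when a redirect leaves the origin. Without 'cookie' in this
// set, the function reproduces the leak described in the summary.
const DROP_ON_CROSS_ORIGIN = new Set(['cookie']);

// Resolve the Location header against the current URL and decide which request
// headers may follow the redirect.
function followRedirect(currentUrl, location, headers, drop = DROP_ON_CROSS_ORIGIN) {
  const from = new URL(currentUrl);
  const to = new URL(location, from); // handles relative Location values
  // URL.origin covers scheme, host and port, so an https -> http downgrade or
  // a port change counts as cross-origin.
  const crossOrigin = from.origin !== to.origin;
  const next = {};
  for (const [name, value] of Object.entries(headers)) {
    // Header names are case-insensitive, so compare in lower case.
    if (crossOrigin && drop.has(name.toLowerCase())) continue;
    next[name] = value;
  }
  return { url: to.href, crossOrigin, headers: next };
}

// Constructed sample request; hosts use the reserved .example TLD.
const sample = { Accept: 'application/json', Cookie: 'session=constructed-value' };
const start = 'https://app.example/login';

// Run the same request through four redirect targets.
function demo() {
  return {
    sameOrigin: followRedirect(start, '/home', sample),
    otherHost: followRedirect(start, 'https://tracker.example/c', sample),
    downgrade: followRedirect(start, 'http://app.example/home', sample),
    // Empty drop set: the Cookie header follows the redirect to the other host.
    leaky: followRedirect(start, 'https://tracker.example/c', sample, new Set()),
  };
}

for (const [label, result] of Object.entries(demo())) {
  console.log(label, result.url, 'Cookie sent:', 'Cookie' in result.headers);
}
```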