Miggo Logo

CVE-2022-31070: Potential Sensitive Cookie Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy

5.8

CVSS Score
3.1

Basic Information

EPSS Score
0.43289%
Published
6/17/2022
Updated
1/27/2023
KEV Status
No
Technology
TechnologyJavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
@finastra/nestjs-proxynpm< 0.7.00.7.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from uncontrolled cookie forwarding in proxy middleware. The core issue would exist in the proxy request handling function that manages header transmission to backend services. The patch introduced cookie filtering via allowedCookies, indicating the original implementation lacked this security control. The createProxyMiddleware is a standard NestJS proxy implementation point where cookie headers would be processed, making it the most likely vulnerable function. Confidence is high due to: 1) The nature of the vulnerability requiring request proxying logic 2) Standard proxy implementation patterns in NestJS 3) The patch's focus on cookie filtering at the proxy level

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** n*stjs-proxy li*r*ry *i* not **v* * w*y to *lo*k s*nsitiv* *ooki*s (*.*. s*ssion *ooki*s) *rom **in* *orw*r*** to ***k*n* s*rvi**s *on*i*ur** *y t** *ppli**tion **v*lop*r. T*is *oul* **v* l** to s*nsitiv* *ooki*s **in* in**v*rt*ntly *xpos** to su

Reasoning

T** vuln*r**ility st*ms *rom un*ontroll** *ooki* *orw*r*in* in proxy mi**l*w*r*. T** *or* issu* woul* *xist in t** proxy r*qu*st **n*lin* `*un*tion` t**t m*n***s *****r tr*nsmission to ***k*n* s*rvi**s. T** p*t** intro*u*** *ooki* *ilt*rin* vi* `*llo