Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2023-23934

Published: 14 February 2023

Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as __Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.

Priority

Medium

Cvss 3 Severity Score

3.5

Score breakdown

Status

Package Release Status
python-werkzeug
Launchpad, Ubuntu, Debian
trusty Ignored
(end of standard support)
upstream
Released (2.2.3)
bionic
Released (0.14.1+dfsg1-1ubuntu0.2)
focal
Released (0.16.1+dfsg1-2ubuntu0.1)
jammy
Released (2.0.2+dfsg1-1ubuntu0.22.04.1)
kinetic
Released (2.0.2+dfsg1-3ubuntu0.22.10.1)
xenial
Released (0.10.4+dfsg1-1ubuntu1.2+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
lunar
Released (2.2.2-2ubuntu0.1)

Severity score breakdown

Parameter Value
Base score 3.5
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality None
Integrity impact Low
Availability impact None
Vector CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N