Vulnerability details: VCID-wt5n-p8cu-aaaj
Vulnerability ID VCID-wt5n-p8cu-aaaj
Aliases CVE-2022-31629
Summary In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
Status Published
Exploitability 0.5
Weighted Severity 5.9
Risk 3.0
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31629.json
epss 0.00548 https://api.first.org/data/v1/epss?cve=CVE-2022-31629
epss 0.00640 https://api.first.org/data/v1/epss?cve=CVE-2022-31629
epss 0.19565 https://api.first.org/data/v1/epss?cve=CVE-2022-31629
epss 0.19978 https://api.first.org/data/v1/epss?cve=CVE-2022-31629
epss 0.24478 https://api.first.org/data/v1/epss?cve=CVE-2022-31629
epss 0.32038 https://api.first.org/data/v1/epss?cve=CVE-2022-31629
epss 0.32587 https://api.first.org/data/v1/epss?cve=CVE-2022-31629
epss 0.3728 https://api.first.org/data/v1/epss?cve=CVE-2022-31629
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31629
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31629
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31629.json
https://api.first.org/data/v1/epss?cve=CVE-2022-31629
https://bugs.php.net/bug.php?id=81727
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31630
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37454
https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2L5SUVYGAKSWODUQPZFBUB3AL6E6CSEV/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJZK3X6B7FBE32FETDSMRLJXTFTHKWSY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSJVPJTX7T3J5V7XHR4MFNHZGP44R5XE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VI3E6A3ZTH2RP7OMLJHSVFIEQBIFM6RF/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNIEABBH5XCXLFWWZYIDE457SPEDZTXV/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGWIK3HMBACERGB4TSBB2JUOMPYY2VKY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2L5SUVYGAKSWODUQPZFBUB3AL6E6CSEV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VI3E6A3ZTH2RP7OMLJHSVFIEQBIFM6RF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNIEABBH5XCXLFWWZYIDE457SPEDZTXV/
https://security.gentoo.org/glsa/202211-03
https://security.netapp.com/advisory/ntap-20221209-0001/
https://www.debian.org/security/2022/dsa-5277
http://www.openwall.com/lists/oss-security/2024/04/12/11
1021138 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021138
2133687 https://bugzilla.redhat.com/show_bug.cgi?id=2133687
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
CVE-2022-31629 https://nvd.nist.gov/vuln/detail/CVE-2022-31629
RHSA-2023:0848 https://access.redhat.com/errata/RHSA-2023:0848
RHSA-2023:0965 https://access.redhat.com/errata/RHSA-2023:0965
RHSA-2023:2417 https://access.redhat.com/errata/RHSA-2023:2417
RHSA-2023:2903 https://access.redhat.com/errata/RHSA-2023:2903
USN-5717-1 https://usn.ubuntu.com/5717-1/
USN-5905-1 https://usn.ubuntu.com/5905-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31629.json
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): high; Availability Impact (A): none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-31629
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): high; Availability Impact (A): none
Exploit Prediction Scoring System (EPSS)
Percentile 0.77287
EPSS Score 0.00548
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.