CVE-2022-21712

7.5 HIGH

📋 TL;DR

This vulnerability in the Twisted Python networking engine exposes sensitive authentication data (the Cookie and Authorization headers) when following cross-origin redirects: twisted.web.client.RedirectAgent and BrowserLikeRedirectAgent copied the original request headers onto the redirected request even when the Location pointed at a different scheme, host or port. An attacker who controls the redirect target, or who can make a server the application trusts redirect to them, receives the application's credentials and session tokens with no further interaction. Any Python application that follows redirects with either of these agents is affected; Twisted 22.1.0 drops those two headers when the origin changes.

💻 Affected Systems

Products:
  • twisted
Versions: All versions before 22.1.0
Operating Systems: All operating systems running Python
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects applications that follow redirects with twisted.web.client.RedirectAgent or BrowserLikeRedirectAgent (directly, or through a higher-level client built on them) and that receive a redirect to a different scheme, host or port.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete account takeover, session hijacking, and unauthorized access to protected resources by stealing authentication tokens and credentials.

🟠

Likely Case

Session hijacking and unauthorized access to user accounts or API endpoints that rely on cookies or authorization headers.

🟢

If Mitigated

Limited impact if outbound HTTP is restricted to known origins and credentials are short-lived, but any cross-origin redirect that does complete still hands the Cookie and Authorization headers to the target host.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the attacker to control the redirect target: either a server the application requests directly, or an open redirect on a server the application trusts that sends it to an attacker-controlled origin. Once that is in place the vulnerable agent forwards the Cookie and Authorization headers by itself; nothing else needs to be triggered.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: twisted 22.1.0 and later

Vendor Advisory: https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx

Restart Required: Yes

Instructions:

1. Upgrade twisted package: pip install --upgrade "twisted>=22.1.0" (quote the specifier; an unquoted >= is treated by the shell as a redirection)
2. Restart all affected Python applications
3. Verify no downgrades occur in dependency resolution

🔧 Temporary Workarounds

No known workarounds

The vendor advisory states there are no known workarounds for this vulnerability; the only remediation is upgrading to 22.1.0 or later.

🧯 If You Can't Patch

  • Stop following redirects automatically: issue requests with the plain twisted.web.client.Agent and handle 3xx responses in your own code, dropping Cookie and Authorization before re-issuing the request to any origin other than the original one
  • Restrict outbound HTTP at the network or proxy layer to the origins the application is expected to talk to, so a redirect to an attacker-controlled host cannot complete
  • Monitor for unusual authentication patterns (tokens or cookies used from unexpected sources) and keep session lifetimes short so a leaked credential has limited value
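To make the mitigation concrete, here is an added Python example (not Twisted's code, and not dependent on Twisted being installed) that models the origin rule the 22.1.0 fix applies: request headers are copied to the redirected request, except that Cookie and Authorization are dropped when scheme, host or effective port differ from the original request. The header names come from the advisory; treating the effective port (443 for https, 80 for http) as part of the origin and resolving a relative Location with urljoin are this example's assumptions. The URLs and headers are constructed. The pre-fix behaviour is kept alongside for comparison.

```python
from urllib.parse import urljoin, urlsplit

# Headers the advisory names as leaked across origins.
SENSITIVE_HEADERS = {"cookie", "authorization"}
# Effective ports used when the URL omits one (this example's assumption).
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, effective port) so that
    https://a.example/ and https://a.example:443/ compare equal."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return (scheme, host, port)


def vulnerable_headers_for_redirect(request_url, location, headers):
    """Pre-22.1.0 behaviour, kept for comparison: every header, including
    Cookie and Authorization, is forwarded wherever Location points."""
    return dict(headers)


def headers_for_redirect(request_url, location, headers):
    """Fixed behaviour: forward headers unchanged on a same-origin redirect,
    but drop Cookie and Authorization when the origin changes."""
    # Location may be relative ("/v2/data"); resolve it against the request URL.
    target = urljoin(request_url, location)
    if origin(target) == origin(request_url):
        return dict(headers)
    return {k: v for k, v in headers.items() if k.lower() not in SENSITIVE_HEADERS}


if __name__ == "__main__":
    # Constructed sample: an API call carrying a bearer token and a session cookie.
    sent = {
        "Authorization": "Bearer constructed-token",
        "Cookie": "session=constructed",
        "Accept": "application/json",
    }
    req = "https://api.example.com/v1/data"
    for loc in ("/v2/data", "https://api.example.com:443/v2/data",
                "http://api.example.com/v1/data", "https://evil.example.net/collect"):
        print(loc, "->", sorted(headers_for_redirect(req, loc, sent)))
```

Note that a scheme downgrade on the same host (https to http) counts as a change of origin and strips the headers too; that is the case most easily missed when a check compares hostnames only.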

🔍 How to Verify

Check if Vulnerable:

Check twisted version: pip show twisted | grep Version

Check Version:

python -c "import twisted; print(twisted.__version__)"

Verify Fix Applied:

Confirm twisted version is 22.1.0 or higher: pip list | grep -i twisted (the distribution is named "Twisted", so a case-sensitive grep misses it)

📡 Detection & Monitoring

Log Indicators:

  • Unusual cross-origin redirect patterns in HTTP client logs
  • Authentication failures following redirects to unexpected domains

Network Indicators:

  • HTTP requests with authentication headers being sent to multiple domains in redirect chains
  • Unexpected outbound connections following redirects

SIEM Query:

Twisted's HTTP client does not log redirect handling or the agent class names by default, so a query keyed on "RedirectAgent" only matches if the application itself logs them. An egress proxy that records request headers is the more dependable source: look for a 3xx response followed by a request from the same client to a different host that still carries a Cookie or Authorization header. A Splunk-style starting point, with field names to be adapted to your proxy's schema:

source="*proxy*" status>=300 status<400 location=* | table _time, src, url, location
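The proxy-side check described above, as an added Python example run over constructed egress-proxy log lines (the log format, with a per-request auth=yes/no flag for the presence of Cookie or Authorization, is this example's assumption; real proxy formats differ and the parser would change accordingly). It pairs each 3xx response with the next request from the same client and flags the pair when the follow-up went to a different origin while still carrying credentials; a patched client produces the same redirect but with auth=no, so it is not flagged.

```python
from urllib.parse import urlsplit

# Constructed egress-proxy log: timestamp client method url status auth-flag.
# auth=yes means the request carried a Cookie or Authorization header.
SAMPLE_LOG = """\
2022-02-01T10:00:00Z 10.0.0.5 GET https://api.example.com/v1/data 302 auth=yes
2022-02-01T10:00:00Z 10.0.0.5 GET https://cdn.example.net/v1/data 200 auth=yes
2022-02-01T10:00:01Z 10.0.0.7 GET https://api.example.com/login 302 auth=yes
2022-02-01T10:00:01Z 10.0.0.7 GET https://api.example.com/home 200 auth=yes
2022-02-01T10:00:02Z 10.0.0.9 GET https://api.example.com/v1/data 302 auth=yes
2022-02-01T10:00:02Z 10.0.0.9 GET https://cdn.example.net/v1/data 200 auth=no
"""

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """(scheme, host, effective port); a change in any of them is cross-origin."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    return (scheme, (p.hostname or "").lower(), p.port or DEFAULT_PORTS.get(scheme))


def parse_line(line):
    """Split one constructed log line into a record."""
    ts, client, method, url, status, auth = line.split()
    return {"ts": ts, "client": client, "method": method, "url": url,
            "status": int(status), "auth": auth == "auth=yes"}


def find_cross_origin_credential_leaks(lines):
    """Return one finding per credential-bearing request that directly followed
    a 3xx from a different origin for the same client.

    Pairing "the next request from the same client" with the preceding 3xx is
    a heuristic: concurrent requests from one client can interleave, so treat
    findings as leads to confirm against the proxy's full record.
    """
    pending = {}   # client -> the request that received a 3xx
    findings = []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        prev = pending.pop(rec["client"], None)
        if prev is not None and rec["auth"] and origin(rec["url"]) != origin(prev["url"]):
            findings.append({"ts": rec["ts"], "client": rec["client"],
                             "from": prev["url"], "to": rec["url"]})
        if 300 <= rec["status"] < 400:
            pending[rec["client"]] = rec
    return findings


if __name__ == "__main__":
    for f in find_cross_origin_credential_leaks(SAMPLE_LOG.splitlines()):
        print(f"{f['ts']} {f['client']}: credentials forwarded {f['from']} -> {f['to']}")
```

Only the first client (10.0.0.5) is reported: the second stays on the same origin, and the third follows a cross-origin redirect without credentials, which is what a patched agent looks like in the same log.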

🔗 References

📤 Share & Export