CVE-2022-45410

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-45410

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-45410.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-45410

Downstream

DEBIAN-CVE-2022-45410

DLA-3196-1

DLA-3199-1

DSA-5282-1

DSA-5284-1

OESA-2023-1673

OESA-2023-1674

RHSA-2022:8543

RHSA-2022:8544

RHSA-2022:8545

RHSA-2022:8547

RHSA-2022:8548

RHSA-2022:8549

RHSA-2022:8550

RHSA-2022:8552

RHSA-2022:8553

RHSA-2022:8554

RHSA-2022:8555

RHSA-2022:8556

RHSA-2022:8561

RHSA-2022:8580

RHSA-2022:8979

RHSA-2022:8980

SUSE-SU-2022:4058-1

SUSE-SU-2022:4083-1

SUSE-SU-2022:4085-1

SUSE-SU-2022:4247-1

UBUNTU-CVE-2022-45410

USN-5726-1

USN-5824-1

openSUSE-SU-2024:12518-1

openSUSE-SU-2024:12519-1

openSUSE-SU-2024:12532-1

openSUSE-SU-2024:14572-1

Related

Published

2022-12-22T20:15:43Z

Modified

2025-08-09T20:01:25Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

When a ServiceWorker intercepted a request with <code>FetchEvent</code>, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec and then in browsers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.

References

Affected packages