CVE-2014-1829 — Sensitive Information Exposure in Requests

CWE-200 — Sensitive Information Exposure CWE-285 — Improper Authorization CWE-201 — Sensitive Info Insertion into Sent Data16 documents9 sources

Severity

5.0MEDIUMNVD

EPSS

0.5%

top 34.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Python Requests Canonical Ubuntu Linux Debian Linux +1 more

Timeline

PublishedOct 15

Latest updateMay 17

Description

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

▶PyPIpython/requests< 2.3.0

▶Debianpython/requests< 2.3.0-1+3

▶Ubuntupython/requests< 2.2.1-1ubuntu0.1

▶NVDpython/requests2.2.1

▶NVDmageia/mageia4.0

Also affects: Debian Linux 7.0, Ubuntu Linux 14.04

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

Exposure of Sensitive Information to an Unauthorized Actor in Requests↗2022-05-17

▶

OSV

Exposure of Sensitive Information to an Unauthorized Actor in Requests↗2022-05-17

▶

CVEList

CVE-2014-1829: Requests (aka python-requests) before 2↗2014-10-15

▶

OSV

CVE-2014-1829: Requests (aka python-requests) before 2↗2014-10-15

▶

OSV

requests vulnerabilities↗2014-10-14

▶

💥Exploits & PoCs

Nuclei

Titan FTP Server Search Function < 10.40 - User Enumeration

▶

Nuclei

Titan FTP Server < 10.40 Move Function - Directory Traversal

▶

Nuclei

Titan FTP Server < 10.40 - User Properties Traversal

▶

📋Vendor Advisories

Ubuntu

Requests vulnerabilities↗2014-10-14

▶

Debian

CVE-2014-1829: requests - Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a ne...↗2014

▶

Red Hat

python-requests: redirect can expose netrc password↗2013-12-25

▶

💬Community

Bugzilla

CVE-2014-1829 CVE-2014-1830 python-requests: various flaws [epel-7]↗2014-09-22

▶

Bugzilla

CVE-2014-1829 CVE-2014-1830 python-requests: various flaws [fedora-all]↗2013-12-26

▶

Bugzilla

CVE-2014-1829 CVE-2014-1830 python-requests: various flaws [epel-6]↗2013-12-26

▶

Bugzilla

CVE-2014-1829 python-requests: redirect can expose netrc password↗2013-12-26

▶