CVE-2014-1830 — Sensitive Information Exposure in Requests

CWE-200 — Sensitive Information Exposure13 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

0.5%

top 35.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Python Requests Opensuse

Timeline

PublishedOct 15

Latest updateMay 14

Description

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

▶PyPIpython/requests< 2.3.0

▶Debianpython/requests< 2.3.0-1+3

▶Ubuntupython/requests< 2.2.1-1ubuntu0.1

▶NVDpython/requests2.2.1

▶NVDopensuse/opensuse13.1

🔴Vulnerability Details

OSV

Exposure of Sensitive Information to an Unauthorized Actor in Requests↗2022-05-14

▶

GHSA

Exposure of Sensitive Information to an Unauthorized Actor in Requests↗2022-05-14

▶

OSV

CVE-2014-1830: Requests (aka python-requests) before 2↗2014-10-15

▶

CVEList

CVE-2014-1830: Requests (aka python-requests) before 2↗2014-10-15

▶

OSV

requests vulnerabilities↗2014-10-14

▶

📋Vendor Advisories

Ubuntu

Requests vulnerabilities↗2014-10-14

▶

Debian

CVE-2014-1830: requests - Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sens...↗2014

▶

Red Hat

python-requests: Proxy-Authorization header leak↗2013-12-25

▶

💬Community

Bugzilla

CVE-2014-1829 CVE-2014-1830 python-requests: various flaws [epel-7]↗2014-09-22

▶

Bugzilla

CVE-2014-1830 python-requests: Proxy-Authorization header leak↗2014-09-22

▶

Bugzilla

CVE-2014-1829 CVE-2014-1830 python-requests: various flaws [fedora-all]↗2013-12-26

▶

Bugzilla

CVE-2014-1829 CVE-2014-1830 python-requests: various flaws [epel-6]↗2013-12-26

▶