CVE-2018-25091

Severity: 6.1 MEDIUM
EPSS: 0.3% (top 51.61%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Oct 15
Latest update: Nov 15

Description

urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).
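The defect described above is a redirect-handling check that compares origins and strips credentials. The example below is an added illustration, not urllib3's own code: it decides whether a redirect target is cross-origin by comparing scheme, host and effective port (with default ports filled in), and removes the Authorization header by case-insensitive name, since HTTP header names are case-insensitive and a case-sensitive comparison is exactly the gap the NOTE in the description refers to. The function and variable names are assumptions chosen for the example.

```python
from urllib.parse import urlsplit

# Default ports so that "https://host/" and "https://host:443/" count as one origin.
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return the (scheme, host, port) triple that identifies a URL's origin."""
    parts = urlsplit(url)
    scheme = (parts.scheme or "").lower()
    host = (parts.hostname or "").lower()  # urlsplit lowercases hostname; be explicit anyway
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return (scheme, host, port)


def is_cross_origin(from_url, to_url):
    """True when the redirect target differs in scheme, host or effective port."""
    return origin(from_url) != origin(to_url)


def headers_for_redirect(headers, from_url, to_url):
    """Return the headers to send on a redirect.

    On a cross-origin redirect every header whose name is 'authorization',
    in any letter case, is dropped so credentials never leave the origin
    they were issued for (or travel over a downgraded scheme).
    """
    forwarded = dict(headers)
    if is_cross_origin(from_url, to_url):
        for name in list(forwarded):
            if name.lower() == "authorization":
                del forwarded[name]
    return forwarded


if __name__ == "__main__":
    # Constructed sample: a lowercase header name, which a case-sensitive
    # check for "Authorization" would have forwarded to the new host.
    sample = {"authorization": "Bearer example-token", "Accept": "*/*"}
    print(headers_for_redirect(sample, "https://api.example.com/v1", "https://other.example.net/"))
```

The check treats a change of scheme alone (https to http on the same host) as cross-origin, so the header is dropped on a downgrade as well as on a host change, which covers both exposure paths named in the description.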

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (5 packages)

Ecosystem | Package          | Affected versions
PyPI      | urllib3          | < 1.24.2
NVD       | python/urllib3   | < 1.24.2
Debian    | python-urllib3   | < 1.25.6-4+3
Ubuntu    | python-urllib3   | < 1.25.8-2ubuntu0.3+3
Ubuntu    | python-pip       | < 20.0.2-5ubuntu1.10+3

Patches

🔴 Vulnerability Details (6)

OSV: python-pip vulnerabilities (2023-11-15)
OSV: python-urllib3 vulnerabilities (2023-11-07)
GHSA: Authorization Header forwarded on redirect (2023-10-15)
CVEList: CVE-2018-25091: urllib3 before 1 (2023-10-15)
OSV: CVE-2018-25091: urllib3 before 1 (2023-10-15)

📋 Vendor Advisories (5)

Ubuntu: pip vulnerabilities (2023-11-15)
Ubuntu: urllib3 vulnerabilities (2023-11-07)
Red Hat: urllib3: urllib3 does not remove the authorization HTTP header when following a cross-origin redirect (2023-10-15)
Microsoft: urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in t (2023-10-10)
Debian: CVE-2018-25091: python-urllib3 - urllib3 before 1.24.2 does not remove the authorization HTTP header when followi... (2018)
CVE-2018-25091 (MEDIUM CVSS 6.1) | urllib3 before 1.24.2 does not remo | cvebase.io