CVE-2018-20060
moderate-risk
Published 2018-12-11
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect to a different host, port, or scheme). This can expose the credentials carried in the Authorization header to unintended hosts, or cause them to be transmitted in cleartext.
Do I need to act?
0.43% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Fix available
Upgrade to: 7c216f433e39e184b84cbfa49e41135a89e4baa0
CVSS 9.8/10
Critical
NETWORK / LOW complexity
Affected Vendors
References (23)
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1649153
Third Party Advisory
https://github.com/urllib3/urllib3/issues/1316
Third Party Advisory
https://github.com/urllib3/urllib3/pull/1346
44 / 100 moderate-risk
Severity: 32/34 · Critical
Exploitability: 2/34 · Minimal
Exposure: 10/34 · Low