Vulnerability Description
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Python | Urllib3 | < 1.24.2 |
Related Weaknesses (CWE)
References
- https://github.com/urllib3/urllib3/commit/adb358f8e06865406d1f05e581a16cbea2136fPatch
- https://github.com/urllib3/urllib3/compare/1.24.1...1.24.2Patch
- https://github.com/urllib3/urllib3/issues/1510Issue TrackingPatchVendor Advisory
- https://github.com/urllib3/urllib3/commit/adb358f8e06865406d1f05e581a16cbea2136fPatch
- https://github.com/urllib3/urllib3/compare/1.24.1...1.24.2Patch
- https://github.com/urllib3/urllib3/issues/1510Issue TrackingPatchVendor Advisory
FAQ
What is CVE-2018-25091?
CVE-2018-25091 is a vulnerability with a CVSS score of 6.1 (MEDIUM). urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in t...
How severe is CVE-2018-25091?
CVE-2018-25091 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-25091?
Check the references section above for vendor advisories and patch information. Affected products include: Python Urllib3.