Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.ALMA_LINUX_ALSA-2023-4520.NASLHistoryAug 09, 2023 - 12:00 a.m.
AlmaLinux 8 : python-requests (ALSA-2023:4520)
2023-08-0900:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
almalinux 8
python-requests
vulnerability
proxy-authorization
https
cve-2023-32681
patch
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
EPSS
0.003
Percentile
68.3%
The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2023:4520 advisory.
- Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use
rebuild_proxiesto reattach theProxy-Authorizationheader to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, theProxy-Authorizationheader must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.
(CVE-2023-32681)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# AlmaLinux Security Advisory ALSA-2023:4520.
##
include('compat.inc');
if (description)
{
script_id(179617);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/26");
script_cve_id("CVE-2023-32681");
script_xref(name:"ALSA", value:"2023:4520");
script_name(english:"AlmaLinux 8 : python-requests (ALSA-2023:4520)");
script_set_attribute(attribute:"synopsis", value:
"The remote AlmaLinux host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the
ALSA-2023:4520 advisory.
- Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to
destination servers when redirected to an HTTPS endpoint. This is a product of how we use
`rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent
through the tunnel, the proxy will identify the header in the request itself and remove it prior to
forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must
be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in
Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious
actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.
(CVE-2023-32681)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://errata.almalinux.org/8/ALSA-2023-4520.html");
script_set_attribute(attribute:"solution", value:
"Update the affected python3-requests package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-32681");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(402);
script_set_attribute(attribute:"vuln_publication_date", value:"2023/05/22");
script_set_attribute(attribute:"patch_publication_date", value:"2023/08/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/08/09");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:python3-requests");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::appstream");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::baseos");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::highavailability");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::nfv");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::powertools");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::realtime");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::resilientstorage");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::sap");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::sap_hana");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8::supplementary");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Alma Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AlmaLinux/release", "Host/AlmaLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/AlmaLinux/release');
if (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');
var os_ver = pregmatch(pattern: "AlmaLinux release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);
if (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);
var pkgs = [
{'reference':'python3-requests-2.20.0-3.el8_8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-requests');
}
Related
nessus
nessus
Fedora 38 : mingw-python-requests (2023-f3824383be)
2023-06-04 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-requests (SUSE-SU-2023:2866-1)
2023-07-19 00:00:00
GLSA-202309-08 : Requests: Information Leak
2023-09-17 00:00:00
prion
prion
Design/Logic Flaw
2023-05-26 18:15:00
redhat
redhat
(RHSA-2024:0299) Moderate: python-requests security update
2024-01-18 16:11:51
(RHSA-2023:4520) Moderate: python-requests security update
2023-08-08 07:20:58
(RHSA-2023:7042) Moderate: python27:2.7 security and bug fix update
2023-11-14 08:43:31
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:2638-1)
2024-02-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:2883-1)
2024-02-28 00:00:00
Fedora: Security Advisory for python-requests (FEDORA-2023-521ebb9cbb)
2023-05-26 00:00:00
almalinux
almalinux
Moderate: python27:2.7 security and bug fix update
2023-11-14 00:00:00
Moderate: python-requests security update
2023-08-01 00:00:00
Moderate: python-requests security update
2023-08-08 00:00:00
cgr
cgr
CVE-2023-32681 vulnerabilities
2024-05-19 03:07:16
ibm
ibm
ubuntu
ubuntu
Requests vulnerability
2023-06-15 00:00:00
Requests vulnerability
2023-06-12 00:00:00
rocky
rocky
python-requests security update
2023-08-28 18:40:41
fedora
fedora
[SECURITY] Fedora 38 Update: python-requests-2.28.2-2.fc38
2023-05-25 01:12:12
[SECURITY] Fedora 38 Update: mingw-python-requests-2.31.0-1.fc38
2023-06-04 01:23:19
[SECURITY] Fedora 37 Update: python-requests-2.28.1-3.fc37
2023-05-27 01:26:55
redhatcve
redhatcve
CVE-2023-32681
2023-05-24 03:40:09
cve
cve
CVE-2023-32681
2023-05-26 18:15:14
osv
osv
PYSEC-2023-74
2023-05-26 18:15:00
CGA-jw5m-ghm3-2mhw
2024-06-06 12:28:19
Unintended leak of Proxy-Authorization header in requests
2023-05-22 20:36:32
amazon
amazon
Medium: python3-requests
2023-07-05 22:01:00
Medium: python-requests
2023-07-05 22:01:00
oraclelinux
oraclelinux
python-requests security update
2023-08-02 00:00:00
python-requests security update
2023-08-11 00:00:00
python27:2.7 security and bug fix update
2023-11-18 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-32681 affecting package python-requests 2.22.0-2
2023-06-27 21:25:25
cvelist
cvelist
CVE-2023-32681 Unintended leak of Proxy-Authorization header in requests
2023-05-26 17:02:52
redos
redos
ROS-20240408-11
2024-04-08 00:00:00
mageia
mageia
Updated python-requests packages fix security vulnerability
2023-06-28 08:21:41
ubuntucve
ubuntucve
CVE-2023-32681
2023-05-26 00:00:00
veracode
veracode
Unintended Leaks Of Proxy-Authorization Header
2023-05-24 02:21:58
debiancve
debiancve
CVE-2023-32681
2023-05-26 18:15:14
githubexploit
githubexploit
gentoo
gentoo
Requests: Information Leak
2023-09-17 00:00:00
debian
debian
[SECURITY] [DLA 3456-1] requests security update
2023-06-18 16:06:44
github
github
Unintended leak of Proxy-Authorization header in requests
2023-05-22 20:36:32
nvd
nvd
CVE-2023-32681
2023-05-26 18:15:14
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
EPSS
0.003
Percentile
68.3%
Related for ALMA_LINUX_ALSA-2023-4520.NASL