Lucene search

K
redhatRedHatRHSA-2024:2734
HistoryMay 22, 2024 - 8:31 p.m.

(RHSA-2024:2734) Moderate: Red Hat OpenStack Platform 17.1 (python-urllib3) security update

2024-05-2220:31:21
access.redhat.com
17
red hat
openstack
security update
python-urllib3
redirect vulnerability
cvss score
cve page
http module

CVSS3

4.2

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

7.1

Confidence

Low

EPSS

0

Percentile

9.8%

Python HTTP module with connection pooling and file POST abilities.

Security Fix(es):

  • Request body not stripped after redirect from 303 status changes request
    method to GET (CVE-2023-45803)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8noarchpython3-urllib3< 1.25.10-6.el8ostpython3-urllib3-1.25.10-6.el8ost.noarch.rpm

CVSS3

4.2

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

7.1

Confidence

Low

EPSS

0

Percentile

9.8%