Lucene search

K
redhatcveRedhat.comRH:CVE-2024-28849
HistoryMar 14, 2024 - 6:39 p.m.

CVE-2024-28849

2024-03-1418:39:56
redhat.com
access.redhat.com
23
cve-2024-28849
cross-domain redirection
data confidentiality

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

0

Percentile

10.3%

A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, follow-redirects clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

0

Percentile

10.3%