Lucene search

K
redosRedosROS-20240902-12
HistorySep 02, 2024 - 12:00 a.m.

ROS-20240902-12

2024-09-0200:00:00
redos.red-soft.ru
8
vulnerability
retryablehttp
attacker
sensitive credentials
log file
http basic authentication

CVSS3

6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

AI Score

6.8

Confidence

Low

The vulnerability in the retryablehttp package is related to the lack of purging cleared URLs when writing them to its
log file. Exploitation of the vulnerability could allow an attacker to obtain sensitive credentials
HTTP basic authentication credentials

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64python3-pansi< 2020.7.3-1UNKNOWN

CVSS3

6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

AI Score

6.8

Confidence

Low