Astra Linux - уязвимость в python-urllib3

In urllib3 before version 1.24.2, the authorization HTTP header is not removed when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE:...

MiracleLinux 8 : python-pip-9.0.3-16.el8 (AXSA:2020-285:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-285:03 advisory. python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure CVE-2018-20060 python-urllib3: CRLF injection...

[Important] [Security] Vulnerability Fixes in urllib3, PyYAML, and Pillow (CVE-2018-20060, CVE-2020-1747, CVE-2020-14343, CVE-2023-50447, and CVE-2023-44271) for VzLinux 7.9

This update fixes the vulnerabilities in urllib3, PyYAML, and Pillow, which are registered as CVE-2018-20060, CVE-2020-1747, CVE-2020-14343, CVE-2023-50447, and CVE-2023-44271...

urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).

...

Linux Distros Unpatched Vulnerability : CVE-2018-20060

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in host, port, or...

RHEL 6 : python-urllib3 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure...

urllib3: urllib3 does not remove the authorization HTTP header when following a cross-origin redirect

A flaw was found in the urllib3 package. Affected versions of this package are vulnerable to information exposure through sent data when the authorization HTTP header is not removed during a cross-origin redirect. An attacker can expose credentials in the authorization header to unintended hosts ...

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2024-1703)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2018-20060

creationtimestamp| type| source ---|---|--- 2023-10-23 11:43:47+00:00| seen| https://t.me/cibsecurity/72293 2026-04-02 17:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0395/...

Authorization HTTP Header Leakage

Urllib3 is vulnerable to Information Disclosure. The vulnerability exists in cross-origin redirects, due to authorization HTTP header leakage. This can result in the authorization header being leaked to unintended hosts after a redirect, which results in information disclosure. This vulnerability...

Authorization Header forwarded on redirect

urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this...

Authorization

urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this...

Debian dla-3610 : python-urllib3 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3610 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3610-1 [email protected]...

Oracle Linux 8 : python-pip (ELSA-2020-1916)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1916 advisory. 9.0.3-16 - Add four new patches for CVEs in bundled urllib3 and requests CVE-2018-20060, CVE-2019-11236, CVE-2019-11324, CVE-2018-18074 Resolves:...

Oracle Linux 7 : python-urllib3 (ELSA-2019-2272)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-2272 advisory. - Add patch for CVE-2019-11236 Resolves: rhbz1703360 Tenable has extracted the preceding description block directly from the Oracle Linux security...

K000133668: Python urllib3 vulnerability CVE-2018-20060

Security Advisory Description urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow for credentials in the Authorization header to be exposed to unintended hosts or...

Mageia: Security Advisory (MGASA-2019-0258)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Photon OS 2.0: Python PHSA-2021-2.0-0393

An update of the python package has been released. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-2.0-0393. The text itself is copyright C VMware, Inc...

CVE-2018-20060

urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext...

Debian DLA-2686-1 : python-urllib3 - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2686 advisory. Several vulnerabilities were discovered in python-urllib3, a HTTP client for Python. CVE-2018-20060 Urllib3 does not remove the Authorization HTTP header when...