Information Disclosure

2018-10-1002:26:19

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

requests is vulnerable to information disclosure attacks. The HTTP Authorization header is sent via insecure HTTP channel when a same-hostname HTTPS-to-HTTP redirect is received, allowing remote attackers in the same network to discover credentials by sniffing the network traffic.

CPENameOperatorVersion
requestsle2.19.1
python-requestseq2.3.0__3.el7ost
python-requestseq2.2.1__1.el7sat
python-requestseq2.4.3__1.el7sat
python-requestseq1.1.0__8.1.el7ost
python-pipeq8.1.2__7.el7
python-pipeq8.1.2__1.el7
python-pipeq8.1.2__8.el7
python-pipeq8.1.2__6.el7
python-pip:bioniceq9.0.1-2

Name	Operator	Version
requests	le	2.19.1
python-requests	eq	2.3.0__3.el7ost
python-requests	eq	2.2.1__1.el7sat
python-requests	eq	2.4.3__1.el7sat
python-requests	eq	1.1.0__8.1.el7ost
python-pip	eq	8.1.2__7.el7
python-pip	eq	8.1.2__1.el7
python-pip	eq	8.1.2__8.el7
python-pip	eq	8.1.2__6.el7
python-pip:bionic	eq	9.0.1-2