Описание
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.
Отчет
This issue did not affect the versions of python-requests as shipped with Red Hat Enterprise Linux 7 as they included a fix for this issue at GA. Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | python-requests | Not affected | ||
| Red Hat OpenStack Platform 3 | python-requests | Will not fix | ||
| Red Hat OpenStack Platform 4 | python-requests | Affected |
Показывать по
Дополнительная информация
Статус:
EPSS
2.6 Low
CVSS2
Связанные уязвимости
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.
Requests (aka python-requests) before 2.3.0 allows remote servers to o ...
Exposure of Sensitive Information to an Unauthorized Actor in Requests
EPSS
2.6 Low
CVSS2