Description
Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects prior to 1.14.8.
A flaw was found in the follow-redirects package. It allows the exposure of sensitive information to an unauthorized actor due to the usage of the insecure HTTP protocol. The issue is an Authorization header leak on the same hostname across an HTTPS-to-HTTP change (https-http), and it requires a Man-in-the-Middle (MITM) attack.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-ui-rhel8 | Will not fix | ||
| .NET Core 3.1 on Red Hat Enterprise Linux | rh-dotnet31-dotnet | Out of support scope | ||
| OpenShift Developer Tools and Services | odo | Will not fix | ||
| OpenShift Service Mesh 2.0 | kiali | Affected | ||
| OpenShift Service Mesh 2.0 | servicemesh-grafana | Affected | ||
| OpenShift Service Mesh 2.0 | servicemesh-prometheus | Affected | ||
| OpenShift Service Mesh 2.1 | servicemesh-grafana | Will not fix | ||
| OpenShift Service Mesh 2.1 | servicemesh-prometheus | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-header-rhel8 | Will not fix | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-ui-rhel8 | Under investigation | ||
Additional information
Status:
EPSS
CVSS3: 5.9 Medium
Related vulnerabilities
Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects prior to 1.14.8.
Improper Removal of Sensitive Information Before Storage or Transfer i ...
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects