CVE-2025-46421

Published: 24 Apr 2025
Source: redhat
CVSS3: 6.8
EPSS: Low

Description

A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.

Mitigation

Currently, no mitigation is available for this vulnerability.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libsoup | Out of support scope | | |
| Red Hat Enterprise Linux 7 | libsoup | Out of support scope | | |
| Red Hat Enterprise Linux 10 | libsoup3 | Fixed | RHSA-2025:7505 | 13.05.2025 |
| Red Hat Enterprise Linux 8 | libsoup | Fixed | RHSA-2025:4560 | 06.05.2025 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | libsoup | Fixed | RHSA-2025:4538 | 06.05.2025 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | libsoup | Fixed | RHSA-2025:4609 | 07.05.2025 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | libsoup | Fixed | RHSA-2025:4609 | 07.05.2025 |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | libsoup | Fixed | RHSA-2025:4609 | 07.05.2025 |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | libsoup | Fixed | RHSA-2025:4624 | 07.05.2025 |

Additional information

Status: Moderate
Weakness: CWE-497
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2361962 (libsoup: Information disclosure may leads libsoup client sends Authorization header to a different host when being redirected by a server)

EPSS: 0.00052 (Low), percentile: 16%

CVSS3: 6.8 Medium

Related vulnerabilities

CVSS3: 6.8
ubuntu
about 2 months ago

A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.

CVSS3: 6.8
nvd
about 2 months ago

A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.

CVSS3: 6.8
msrc
about 1 month ago

No description available

CVSS3: 6.8
debian
about 2 months ago

A flaw was found in libsoup. When libsoup clients encounter an HTTP re ...

CVSS3: 6.8
github
about 2 months ago

A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.
