Описание
urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0.
A flaw was found in urllib3. The PoolManager class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations.
Отчет
A flaw was found in the urllib3 library where it could be tricked into disclosing the Proxy-Authorization header to a destination server when a CONNECT tunnel is used. An attacker can set up a malicious redirect to a crafted URL, which, when followed by the client application, will cause the Proxy-Authorization header to be sent to the attacker-controlled server. This leaks sensitive credentials for the proxy. The impact is primarily on confidentiality. While urllib3 is a ubiquitous component, the vulnerability requires a specific scenario where a user is connecting to a proxy that requires authentication and is redirected to a malicious endpoint. This lowers the exploitability compared to a direct, unauthenticated remote attack, thus, warranting a Moderate severity rating. Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low. The platform limits access to external systems and enforces strict network security boundaries through a deny-all, allow-exception system implementation. This ensures that access to external websites and systems is strictly controlled, monitored, and, if necessary, restricted. By enforcing policies on which external sites or domains users and applications can interact with, this control minimizes the risk of users being redirected to malicious websites. For example, organizations may implement allowlists of approved URLs or domains, blocking any redirections to untrusted or unauthorized sites. The platform's implementation of boundary protection includes firewalls, gateways, and intrusion detection/prevention systems. This control prevents unauthorized traffic, including malicious redirect requests, from entering or leaving the internal network. The boundary protection control can enforce URL filtering, domain allowlisting, and content inspection to block redirection attempts to known malicious domains. When configured properly, boundary protection mechanisms ensure that even if an open redirect vulnerability is exploited, the impact is limited by blocking access to harmful external sites.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Assisted Installer for Red Hat OpenShift Container Platform 2 | rhai/assisted-installer-agent-rhel9 | Out of support scope | ||
| Assisted Installer for Red Hat OpenShift Container Platform 2 | rhai/assisted-installer-controller-rhel9 | Out of support scope | ||
| Assisted Installer for Red Hat OpenShift Container Platform 2 | rhai/assisted-installer-rhel9 | Out of support scope | ||
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-shared-resource-rhel9 | Fix deferred | ||
| Builds for Red Hat OpenShift | openshift-builds/openshift-builds-shared-resource-webhook-rhel9 | Fix deferred | ||
| cert-manager Operator for Red Hat OpenShift | cert-manager/cert-manager-istio-csr-rhel9 | Fix deferred | ||
| cert-manager Operator for Red Hat OpenShift | cert-manager/cert-manager-operator-rhel9 | Fix deferred | ||
| cert-manager Operator for Red Hat OpenShift | cert-manager/jetstack-cert-manager-acmesolver-rhel9 | Fix deferred | ||
| cert-manager Operator for Red Hat OpenShift | cert-manager/jetstack-cert-manager-rhel9 | Fix deferred | ||
| Confidential Compute Attestation | confidential-compute-attestation-tech-preview/trustee-rhel9 | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0.
urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0.
urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation
urllib3 is a user-friendly HTTP client library for Python. Prior to 2. ...
EPSS
5.3 Medium
CVSS3