CVE-2018-25091

urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
pythonurllib3
𝑥
< 1.24.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
python-urllib3
bullseye
1.26.5-1~exp1
fixed
bookworm
1.26.12-1
fixed
sid
2.0.7-2
fixed
trixie
2.0.7-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python-pip
noble
needs-triage
mantic
Fixed 23.2+dfsg-1ubuntu0.1
released
lunar
Fixed 23.0.1+dfsg-1ubuntu0.2
released
jammy
Fixed 22.0.2+dfsg-1ubuntu0.4
released
focal
Fixed 20.0.2-5ubuntu1.10
released
bionic
Fixed 9.0.1-2.3~ubuntu1.18.04.8+esm2
released
xenial
Fixed 8.1.1-2ubuntu0.6+esm6
released
trusty
needs-triage
python-urllib3
noble
not-affected
mantic
not-affected
lunar
not-affected
jammy
not-affected
focal
not-affected
bionic
Fixed 1.22-1ubuntu0.18.04.2+esm1
released
xenial
Fixed 1.13.1-2ubuntu0.16.04.4+esm1
released
trusty
needs-triage
Common Weakness Enumeration
References
https://github.com/urllib3/urllib3/commit/adb358f8e06865406d1f05e581a16cbea2136fbc
https://github.com/urllib3/urllib3/compare/1.24.1...1.24.2
https://github.com/urllib3/urllib3/issues/1510
https://github.com/urllib3/urllib3/commit/adb358f8e06865406d1f05e581a16cbea2136fbc
https://github.com/urllib3/urllib3/compare/1.24.1...1.24.2
https://github.com/urllib3/urllib3/issues/1510