py-treq -- sensitive information leak vulnerability

2022-02-0100:00:00

vuxml.freebsd.org

treq security vulnerability

cookie dictionary

sensitive information leakage

http redirect

supercookies

domain bound

cloud storage provider

unix

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

62.0%

JSON

Treq’s request methods (treq.get, treq.post, HTTPClient.request, HTTPClient.get, etc.) accept cookies as a dictionary.
Such cookies are not bound to a single domain, and are therefore sent to every domain (“supercookies”).
This can potentially cause sensitive information to leak upon an HTTP redirect to a different domain., e.g. should https://example.com redirect to http://cloudstorageprovider.com the latter will receive the cookie session.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchpy37-treq< 22.1.0UNKNOWN
FreeBSDanynoarchpy38-treq< 22.1.0UNKNOWN
FreeBSDanynoarchpy39-treq< 22.1.0UNKNOWN
FreeBSDanynoarchpy310-treq< 22.1.0UNKNOWN
FreeBSDanynoarchpy311-treq< 22.1.0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	py37-treq	< 22.1.0	UNKNOWN
FreeBSD	any	noarch	py38-treq	< 22.1.0	UNKNOWN
FreeBSD	any	noarch	py39-treq	< 22.1.0	UNKNOWN
FreeBSD	any	noarch	py310-treq	< 22.1.0	UNKNOWN
FreeBSD	any	noarch	py311-treq	< 22.1.0	UNKNOWN