Lucene search
PRIOn knowledge basePRION:CVE-2018-25091HistoryOct 15, 2023 - 7:15 p.m.
Authorization
2023-10-1519:15:00
PRIOn knowledge base
www.prio-n.com
10
authorization
urllib3
vulnerability
cross-origin
header
cleartext
credentials
unintended hosts
nvd
cve-2018-20060
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).
Related
osv
osv
PYSEC-2023-207
2023-10-15 19:15:00
CVE-2018-25091
2023-10-15 19:15:09
Authorization Header forwarded on redirect
2023-10-15 21:30:26
nvd
nvd
CVE-2018-25091
2023-10-15 19:15:09
CVE-2018-20060
2018-12-11 17:29:00
cve
cve
CVE-2018-25091
2023-10-15 19:15:09
CVE-2018-20060
2018-12-11 17:29:00
redhatcve
redhatcve
CVE-2018-25091
2023-10-16 04:16:46
CVE-2018-20060
2021-08-22 13:20:42
cvelist
cvelist
CVE-2018-25091
2023-10-15 00:00:00
CVE-2018-20060
2018-12-11 17:00:00
veracode
veracode
Authorization HTTP Header Leakage
2023-10-16 12:50:32
Information Disclosure
2018-12-12 03:50:22
github
github
Authorization Header forwarded on redirect
2023-10-15 21:30:26
Exposure of Sensitive Information to an Unauthorized Actor in urllib3
2018-12-12 15:52:07
ubuntucve
ubuntucve
CVE-2018-25091
2023-10-15 00:00:00
CVE-2018-20060
2018-12-11 00:00:00
debiancve
debiancve
CVE-2018-25091
2023-10-15 19:15:09
CVE-2018-20060
2018-12-11 17:29:00
nessus
nessus
EulerOS Virtualization 3.0.6.0 : python-pip (EulerOS-SA-2024-1702)
2024-05-17 00:00:00
EulerOS 2.0 SP8 : python-pip (EulerOS-SA-2024-1295)
2024-03-12 00:00:00
EulerOS 2.0 SP8 : python-urllib3 (EulerOS-SA-2024-1296)
2024-03-12 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2024-1702)
2024-05-17 00:00:00
Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2024-1295)
2024-03-12 00:00:00
Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2024-1296)
2024-03-12 00:00:00
f5
f5
K000133668 : Python urllib3 vulnerability CVE-2018-20060
2023-04-27 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: python-urllib3-1.24.2-1.fc30
2019-04-27 21:35:01
[SECURITY] Fedora 29 Update: python-urllib3-1.24.2-1.fc29
2019-04-23 20:15:33
[SECURITY] Fedora 28 Update: python-urllib3-1.24.2-1.fc28
2019-04-30 01:41:11
prion
prion
Authorization
2018-12-11 17:29:00
amazon
amazon
Low: python-urllib3
2019-05-16 21:46:00
Low: python-urllib3
2019-06-11 22:41:00
Medium: python-urllib3
2020-06-26 22:55:00
oraclelinux
oraclelinux
python-urllib3 security update
2019-08-13 00:00:00
python-virtualenv security update
2020-05-19 00:00:00
python-virtualenv security update
2020-03-18 00:00:00
redhat
redhat
(RHSA-2019:2272) Moderate: python-urllib3 security update
2019-08-06 08:19:27
(RHSA-2020:2081) Moderate: python-virtualenv security update
2020-05-12 14:03:20
(RHSA-2020:0851) Moderate: python-virtualenv security update
2020-03-17 13:10:32
centos
centos
python security update
2019-08-30 04:04:34
python security update
2020-03-25 19:10:05
python3 security update
2020-03-18 19:33:57
ubuntu
ubuntu
pip vulnerabilities
2023-11-15 00:00:00
urllib3 vulnerabilities
2023-11-07 00:00:00
urllib3 vulnerabilities
2019-05-21 00:00:00
cloudfoundry
cloudfoundry
USN-6473-1: urllib3 vulnerabilities | Cloud Foundry
2023-11-09 00:00:00
freebsd
freebsd
urllib3 -- multiple vulnerabilities
2018-12-11 00:00:00
mageia
mageia
Updated python-urllib3 packages fix security vulnerability
2019-09-07 00:09:08
debian
debian
[SECURITY] [DLA 2686-1] python-urllib3 security update
2021-06-15 18:34:44
[SECURITY] [DLA 3610-1] python-urllib3 security update
2023-10-08 11:06:20
suse
suse
Security update for python-urllib3 (moderate)
2019-09-14 00:00:00
photon
photon
ibm
ibm
almalinux
almalinux
Moderate: python27:2.7 security, bug fix, and enhancement update
2020-04-28 08:55:59
rocky
rocky
python27:2.7 security, bug fix, and enhancement update
2020-04-28 08:55:59
hp
hp
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00
HP ThinPro 8.0 SP 8 Security Updates
2024-03-01 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00