CVE-2018-25091 — Vulnetix

Try Vulnetix Request Demo

CVE-2018-25091 PUBLISHED

urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).

EPSS 0.25% · 48.2th percentile

Risk Scores

EPSS Score

0.25%

48.2th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:Pro:18.04:LTS	python-pip	9.0.1-2.3~ubuntu1.18.04.6, 9.0.1-2.3~ubuntu1.18.04.5+esm3, 9.0.1-2.3~ubuntu1.18.04.5+esm2
Ubuntu:Pro:14.04:LTS	python-pip	0, 1.4.1-2, 1.5.4-1
Ubuntu:Pro:14.04:LTS	python-urllib3	1.6-2, 0, 1.7.1-1
Ubuntu:Pro:16.04:LTS	python-pip	8.1.1-2, 8.1.1-2ubuntu0.1, 8.1.1-2ubuntu0.2
Ubuntu:Pro:16.04:LTS	python-urllib3	1.13.1-2, 1.13.1-1, 1.12-1
Ubuntu:Pro:18.04:LTS	python-urllib3	1.22-1, 1.21.1-1, 0

Timeline

Oct 15, 2023 CVE Published
Oct 16, 2023 EPSS Score
Nov 16, 2023 EPSS Score
Dec 16, 2023 EPSS Score
Jan 16, 2024 EPSS Score
Feb 16, 2024 EPSS Score
Mar 17, 2024 EPSS Score
Apr 17, 2024 EPSS Score
May 18, 2024 EPSS Score
Jun 18, 2024 EPSS Score
Jul 18, 2024 EPSS Score
Aug 18, 2024 EPSS Score

References

https://ubuntu.com/security/CVE-2018-25091 third-party-advisory
https://github.com/urllib3/urllib3/issues/1510 third-party-advisory
https://github.com/urllib3/urllib3/compare/1.24.1...1.24.2 third-party-advisory
https://github.com/urllib3/urllib3/commit/adb358f8e06865406d1f05e581a16cbea2136fbc third-party-advisory
https://ubuntu.com/security/notices/USN-6473-1 vendor-advisory
https://ubuntu.com/security/notices/USN-6473-2 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2018-25091 third-party-advisory

Open in Interactive Console →