CVE-2023-32681

Aliases:GHSA-j8r2-6x86-q33qPYSEC-2023-74
Advisory lineage Upstream: 0 Downstream: 25
Modified
Published: 26 May 2023, 17:02
Last modified:13 Feb 2025, 16:54

Vulnerability Summary

Overall Risk (default)
medium
26/100
CVSS Score
6.1 MEDIUM
v3.1 (cve.org)
EPSS Score
6.09% LOW
6% probability -0.19%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

26 May 2023, 17:02
Published
Vulnerability first disclosed
13 Feb 2025, 16:54
Last Modified
Vulnerability information updated

Description

Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.

CVSS Metrics

  • v3.1MEDIUMScore: 6.1CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

EPSS Trends

Current EPSS score: 6.09% Percentile: 91%

Techniques & Countermeasures

  • CWE-200Exposure of Sensitive Information to an Unauthorized Actor

    The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Affected Systems

  • fedoraprojectfedora

    37

  • psfrequests

    ≥ 2.3.0, < 2.31.0

  • PyPIrequests

    < 74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5 | ≥ 2.3.0, < 2.31.0

  • pythonrequests

    ≥ 2.3.0, < 2.31.0

References (12)