Back to bug 2209469
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Sandipan Roy | 2023-05-24 03:06:48 UTC | CC | apevec, bbuckingham, bcourt, cstratak, cwelton, davidn, eglynn, ehelms, epacific, gtanzill, hhorak, jcammara, jhardy, jjoyce, jneedle, jobarker, jorton, jsherril, lhh, lzap, mabashia, mburns, mgarciac, mhulan, mminar, myarboro, nmoumoul, orabin, osapryki, pcreech, rbiba, rchan, rhos-maint, simaishi, smcdonal, spower, sskracic, teagle, torsava, yguenane, zsadeh | |
| Sandipan Roy | 2023-05-24 03:08:10 UTC | Blocks | 2209260 | |
| Sandipan Roy | 2023-05-24 03:10:31 UTC | Doc Text | Python-requests package has been vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. Note this behavior has only been observed to affect proxied requests when credentials are supplied in the URL user information component (e.g. https://username:password@proxy:8080). | |
| Sandipan Roy | 2023-05-24 03:11:57 UTC | Depends On | 2209472, 2209477, 2209471, 2209473, 2209476, 2209475, 2209474 | |
| Sandipan Roy | 2023-05-24 03:13:26 UTC | Depends On | 2209481, 2209478, 2209479, 2209480 | |
| Vipul Nair | 2023-05-24 11:22:18 UTC | Depends On | 2209651 | |
| RaTasha Tillery-Smith | 2023-05-24 12:55:19 UTC | CC | adudiak, kshier, stcannon, tfister | |
| Depends On | 2209673 | |||
| Doc Text | Python-requests package has been vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. Note this behavior has only been observed to affect proxied requests when credentials are supplied in the URL user information component (e.g. https://username:password@proxy:8080). | A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080). | ||
| Red Hat Bugzilla | 2023-07-07 08:29:32 UTC | Assignee | security-response-team | nobody |
| errata-xmlrpc | 2023-08-01 08:49:31 UTC | Link ID | Red Hat Product Errata RHSA-2023:4350 | |
| errata-xmlrpc | 2023-08-08 08:19:56 UTC | Link ID | Red Hat Product Errata RHSA-2023:4520 |
Back to bug 2209469